11241100x80000000000000002047286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:25.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ea48a610e49b0242022-02-14 10:54:25.430root 11241100x80000000000000002047287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:25.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3102b18f8cab4e8a2022-02-14 10:54:25.430root 11241100x80000000000000002047288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:25.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc4c08f46c2803f52022-02-14 10:54:25.430root 11241100x80000000000000002047289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:25.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd1c0e5fc49631212022-02-14 10:54:25.430root 11241100x80000000000000002047290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:25.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33a21e602704b7892022-02-14 10:54:25.430root 11241100x80000000000000002047291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:25.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caafa43af022c0c82022-02-14 10:54:25.430root 11241100x80000000000000002047292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:25.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c3e4601faa093352022-02-14 10:54:25.430root 11241100x80000000000000002047293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:25.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35e0b4ed8689ce872022-02-14 10:54:25.930root 11241100x80000000000000002047294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:25.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8345f997e792916a2022-02-14 10:54:25.930root 11241100x80000000000000002047295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:25.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0df970f96403d0ca2022-02-14 10:54:25.930root 11241100x80000000000000002047296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:25.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0900506a774f4b632022-02-14 10:54:25.930root 11241100x80000000000000002047297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:25.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.864cdb207b304f112022-02-14 10:54:25.930root 11241100x80000000000000002047298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:25.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22eaa6a42577bd322022-02-14 10:54:25.930root 11241100x80000000000000002047299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:25.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52df26ac4ad96f382022-02-14 10:54:25.931root 11241100x80000000000000002047300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:26.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4933af0755fa03482022-02-14 10:54:26.430root 11241100x80000000000000002047301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:26.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fda16927cb9be7f2022-02-14 10:54:26.430root 11241100x80000000000000002047302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:26.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f8ed952ca06b8ef2022-02-14 10:54:26.430root 11241100x80000000000000002047303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:26.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f63c8242af57ab3d2022-02-14 10:54:26.430root 11241100x80000000000000002047304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:26.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.820d2db9a6ca27442022-02-14 10:54:26.430root 11241100x80000000000000002047305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:26.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4746e29ccaf7b20d2022-02-14 10:54:26.430root 11241100x80000000000000002047306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:26.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc1a7a98ce7ddadd2022-02-14 10:54:26.430root 11241100x80000000000000002047307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:26.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9913f40da1f1d9d92022-02-14 10:54:26.930root 11241100x80000000000000002047308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:26.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36bfb1c7cd61b3ed2022-02-14 10:54:26.930root 11241100x80000000000000002047309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:26.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d60730d9514945b2022-02-14 10:54:26.930root 11241100x80000000000000002047310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:26.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04ac5c45d04905052022-02-14 10:54:26.931root 11241100x80000000000000002047311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:26.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.631762acaa40631d2022-02-14 10:54:26.931root 11241100x80000000000000002047312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:26.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.845cb1edb0c200692022-02-14 10:54:26.931root 11241100x80000000000000002047313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:26.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.974ca4caef2bb4922022-02-14 10:54:26.931root 354300x80000000000000002047314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:27.163{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54634-false10.0.1.12-8000- 11241100x80000000000000002047315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:27.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.206c1e86f4aabce92022-02-14 10:54:27.430root 11241100x80000000000000002047316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:27.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aba7a511cc1130132022-02-14 10:54:27.430root 11241100x80000000000000002047317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:27.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa546d09bc4ba0382022-02-14 10:54:27.430root 11241100x80000000000000002047318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:27.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a139fbcfe4768662022-02-14 10:54:27.430root 11241100x80000000000000002047319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:27.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4561b72f90a76452022-02-14 10:54:27.430root 11241100x80000000000000002047320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:27.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6c8424043983f3e2022-02-14 10:54:27.430root 11241100x80000000000000002047321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:27.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5de911ed26285d9c2022-02-14 10:54:27.430root 11241100x80000000000000002047322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:27.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8be176e91b541952022-02-14 10:54:27.431root 11241100x80000000000000002047323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:27.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b12600ad58f858e52022-02-14 10:54:27.930root 11241100x80000000000000002047324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:27.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3d1c24a056d29222022-02-14 10:54:27.930root 11241100x80000000000000002047325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:27.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.916e1f2f6fcdf4482022-02-14 10:54:27.930root 11241100x80000000000000002047326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:27.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8759ff3615a1b3122022-02-14 10:54:27.930root 11241100x80000000000000002047327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:27.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4066a11f360e8fc72022-02-14 10:54:27.930root 11241100x80000000000000002047328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:27.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.436db1373798d0d82022-02-14 10:54:27.930root 11241100x80000000000000002047329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:27.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5d08db1c9a193a22022-02-14 10:54:27.930root 11241100x80000000000000002047330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:27.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fe5d96adaac747e2022-02-14 10:54:27.930root 11241100x80000000000000002047331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:28.429{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42577b99dfe6bf3b2022-02-14 10:54:28.429root 11241100x80000000000000002047332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:28.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94e15cbef0b21e252022-02-14 10:54:28.430root 11241100x80000000000000002047333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:28.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0bd86b7d3d5dee02022-02-14 10:54:28.430root 11241100x80000000000000002047334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:28.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d890e71685edd602022-02-14 10:54:28.430root 11241100x80000000000000002047335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:28.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd3d7012a26e2ee52022-02-14 10:54:28.430root 11241100x80000000000000002047336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:28.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8482dce8fb50b0b2022-02-14 10:54:28.430root 11241100x80000000000000002047337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:28.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c50aca11441c4dca2022-02-14 10:54:28.430root 11241100x80000000000000002047338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:28.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd323114cbbf83622022-02-14 10:54:28.430root 11241100x80000000000000002047339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:28.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39ecbeb768bce8482022-02-14 10:54:28.930root 11241100x80000000000000002047340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:28.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8222420137321b242022-02-14 10:54:28.930root 11241100x80000000000000002047341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:28.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09c03e2a44efae112022-02-14 10:54:28.930root 11241100x80000000000000002047342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:28.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.775e0b6ca8076a692022-02-14 10:54:28.930root 11241100x80000000000000002047343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:28.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80b409b44cc4d0472022-02-14 10:54:28.930root 11241100x80000000000000002047344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:28.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92fe0128bb24e6d02022-02-14 10:54:28.930root 11241100x80000000000000002047345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:28.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3326c6998e2a4892022-02-14 10:54:28.930root 11241100x80000000000000002047346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:28.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30f7ecd61913c8602022-02-14 10:54:28.930root 11241100x80000000000000002047347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:29.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.428dba1d87fb648b2022-02-14 10:54:29.430root 11241100x80000000000000002047348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:29.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99e582559327a2c02022-02-14 10:54:29.430root 11241100x80000000000000002047349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:29.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd35d9047c3a011d2022-02-14 10:54:29.430root 11241100x80000000000000002047350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:29.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b8feb216e0bf7ea2022-02-14 10:54:29.430root 11241100x80000000000000002047351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:29.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e346dcd2013edae2022-02-14 10:54:29.430root 11241100x80000000000000002047352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:29.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c75fd701ebc00da2022-02-14 10:54:29.430root 11241100x80000000000000002047353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:29.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09b8cfff64bfc97e2022-02-14 10:54:29.430root 11241100x80000000000000002047354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:29.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29663ecde5eb1ab12022-02-14 10:54:29.430root 11241100x80000000000000002047355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:29.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.334df6e21bcdd1432022-02-14 10:54:29.930root 11241100x80000000000000002047356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:29.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edfb6871db3139b42022-02-14 10:54:29.930root 11241100x80000000000000002047357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:29.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e6470b348e61f492022-02-14 10:54:29.930root 11241100x80000000000000002047358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:29.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.507b0a5de71084242022-02-14 10:54:29.930root 11241100x80000000000000002047359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:29.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a867e5bb692e4d6a2022-02-14 10:54:29.930root 11241100x80000000000000002047360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:29.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff18c8d47d7e03712022-02-14 10:54:29.930root 11241100x80000000000000002047361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:29.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3637229de84a81812022-02-14 10:54:29.930root 11241100x80000000000000002047362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:29.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1983217631d94a382022-02-14 10:54:29.930root 11241100x80000000000000002047363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:30.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21f883e714f4a1432022-02-14 10:54:30.430root 11241100x80000000000000002047364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:30.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e753bfd000ec4362022-02-14 10:54:30.430root 11241100x80000000000000002047365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:30.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87ebd1d6eb86e8fc2022-02-14 10:54:30.430root 11241100x80000000000000002047366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:30.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fae07d542884580c2022-02-14 10:54:30.430root 11241100x80000000000000002047367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:30.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.049103e081ba373c2022-02-14 10:54:30.430root 11241100x80000000000000002047368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:30.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f99721fd8e1c3472022-02-14 10:54:30.430root 11241100x80000000000000002047369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:30.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b02d1d35436989a2022-02-14 10:54:30.430root 11241100x80000000000000002047370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:30.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb2ec8c5c9890cea2022-02-14 10:54:30.430root 11241100x80000000000000002047371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:30.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4c7a8fca895222b2022-02-14 10:54:30.930root 11241100x80000000000000002047372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:30.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15d52152176013362022-02-14 10:54:30.930root 11241100x80000000000000002047373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:30.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4201f4f7c96381b42022-02-14 10:54:30.930root 11241100x80000000000000002047374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:30.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45083ba2c052c21a2022-02-14 10:54:30.930root 11241100x80000000000000002047375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:30.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39adcbf6d6390b972022-02-14 10:54:30.930root 11241100x80000000000000002047376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:30.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1978f91f175ac9992022-02-14 10:54:30.930root 11241100x80000000000000002047377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:30.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35071a93b7a986242022-02-14 10:54:30.930root 11241100x80000000000000002047378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:30.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6f2d1aca2009ff12022-02-14 10:54:30.931root 11241100x80000000000000002047379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:31.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ff247eca9d55db22022-02-14 10:54:31.430root 11241100x80000000000000002047380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:31.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07198180cefd64a22022-02-14 10:54:31.430root 11241100x80000000000000002047381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:31.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43b6abbd8ed5031a2022-02-14 10:54:31.430root 11241100x80000000000000002047382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:31.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be7bd675e2d163ef2022-02-14 10:54:31.430root 11241100x80000000000000002047383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:31.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a7ade8f628fb8532022-02-14 10:54:31.430root 11241100x80000000000000002047384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:31.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4a813e5d48179f92022-02-14 10:54:31.430root 11241100x80000000000000002047385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:31.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2824675c53a047dc2022-02-14 10:54:31.430root 11241100x80000000000000002047386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:31.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac3d22eb41b6d0af2022-02-14 10:54:31.430root 534500x80000000000000002047387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:31.833{00000000-0000-0000-0000-000000000000}2382<unknown process>root 534500x80000000000000002047388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:31.833{00000000-0000-0000-0000-000000000000}2370<unknown process>root 11241100x80000000000000002047389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:31.834{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.050f25b422e31a462022-02-14 10:54:31.834root 11241100x80000000000000002047390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:31.835{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.870b61e90c2478be2022-02-14 10:54:31.835root 11241100x80000000000000002047391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:31.835{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.666cc81fc480e9f12022-02-14 10:54:31.835root 11241100x80000000000000002047392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:31.835{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8799462e5c26cb202022-02-14 10:54:31.835root 11241100x80000000000000002047393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:31.836{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be5d4d1c5a89d9792022-02-14 10:54:31.836root 11241100x80000000000000002047394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:31.836{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.628bc0f19901f5652022-02-14 10:54:31.836root 11241100x80000000000000002047395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:31.836{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3577989378c7f922022-02-14 10:54:31.836root 11241100x80000000000000002047396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:31.836{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34f135dc1b5e520b2022-02-14 10:54:31.836root 11241100x80000000000000002047397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:31.836{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dcfb82cf22a8cb92022-02-14 10:54:31.836root 11241100x80000000000000002047398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:31.836{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55edfa5ba051f9392022-02-14 10:54:31.836root 11241100x80000000000000002047399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:32.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c9da9edcf0c5a902022-02-14 10:54:32.180root 11241100x80000000000000002047400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:32.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d67fda2b86af2b32022-02-14 10:54:32.180root 11241100x80000000000000002047401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:32.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87ed54a1ef4f248f2022-02-14 10:54:32.180root 11241100x80000000000000002047402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:32.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87d72114e3dd75402022-02-14 10:54:32.180root 11241100x80000000000000002047403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:32.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc7850af20a7fad12022-02-14 10:54:32.180root 11241100x80000000000000002047404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:32.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c422f92399d781772022-02-14 10:54:32.180root 11241100x80000000000000002047405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:32.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24209a3736fff1e42022-02-14 10:54:32.180root 11241100x80000000000000002047406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:32.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22cd03e4801e10392022-02-14 10:54:32.180root 11241100x80000000000000002047407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:32.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ff23a2dfe14217e2022-02-14 10:54:32.180root 11241100x80000000000000002047408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:32.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c08eab6b71266e102022-02-14 10:54:32.180root 11241100x80000000000000002047409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:32.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1007819a4dbf74f2022-02-14 10:54:32.680root 11241100x80000000000000002047410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:32.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6286826eebea1442022-02-14 10:54:32.680root 11241100x80000000000000002047411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:32.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.078fb21e259462522022-02-14 10:54:32.680root 11241100x80000000000000002047412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:32.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fa2eeabb72b13d32022-02-14 10:54:32.680root 11241100x80000000000000002047413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:32.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.565a7e3567a7ac662022-02-14 10:54:32.680root 11241100x80000000000000002047414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:32.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f805789fdbe72a12022-02-14 10:54:32.680root 11241100x80000000000000002047415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:32.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb0670d081778ad42022-02-14 10:54:32.680root 11241100x80000000000000002047416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:32.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50b9eb271835646e2022-02-14 10:54:32.680root 11241100x80000000000000002047417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:32.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9a713c164f330282022-02-14 10:54:32.680root 11241100x80000000000000002047418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:32.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3febfc4b6192834c2022-02-14 10:54:32.680root 354300x80000000000000002047419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:33.102{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54636-false10.0.1.12-8000- 11241100x80000000000000002047420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:33.103{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef0dcdaf88744bbf2022-02-14 10:54:33.103root 11241100x80000000000000002047421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:33.103{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d83af6cc048df73d2022-02-14 10:54:33.103root 11241100x80000000000000002047422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:33.104{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd39cfe1b2e6a5e62022-02-14 10:54:33.104root 11241100x80000000000000002047423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:33.104{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b01f51cc38760dff2022-02-14 10:54:33.104root 11241100x80000000000000002047424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:33.104{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fdda58e2f7c84762022-02-14 10:54:33.104root 11241100x80000000000000002047425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:33.104{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2282bed4ec5a0b782022-02-14 10:54:33.104root 11241100x80000000000000002047426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:33.105{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.175f52766a1405c02022-02-14 10:54:33.105root 11241100x80000000000000002047427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:33.105{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.547b8bdd5ef328602022-02-14 10:54:33.105root 11241100x80000000000000002047428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:33.105{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e81b71b18e62d43d2022-02-14 10:54:33.105root 11241100x80000000000000002047429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:33.105{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e45d31239fec6d7a2022-02-14 10:54:33.105root 11241100x80000000000000002047430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:33.105{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9704a8a66ddcdb512022-02-14 10:54:33.105root 11241100x80000000000000002047431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:33.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1a58e02d76f22762022-02-14 10:54:33.430root 11241100x80000000000000002047432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:33.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec77a281c1ac75442022-02-14 10:54:33.430root 11241100x80000000000000002047433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:33.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1530d57d01f28eb32022-02-14 10:54:33.430root 11241100x80000000000000002047434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:33.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ecc5646b0daafd32022-02-14 10:54:33.430root 11241100x80000000000000002047435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:33.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff263679e7d3d2612022-02-14 10:54:33.430root 11241100x80000000000000002047436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:33.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43b1e13c83be02782022-02-14 10:54:33.430root 11241100x80000000000000002047437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:33.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e48ed802faf1fde2022-02-14 10:54:33.430root 11241100x80000000000000002047438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:33.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de07c40062d9e8d32022-02-14 10:54:33.431root 11241100x80000000000000002047439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:33.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82762ac432531b8f2022-02-14 10:54:33.431root 11241100x80000000000000002047440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:33.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff567f892d3852e22022-02-14 10:54:33.431root 11241100x80000000000000002047441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:33.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21388e69834112b82022-02-14 10:54:33.431root 11241100x80000000000000002047442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:33.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c74b7bc184ac2322022-02-14 10:54:33.930root 11241100x80000000000000002047443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:33.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78a96de09b641dc02022-02-14 10:54:33.930root 11241100x80000000000000002047444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:33.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3062fe94fcab76412022-02-14 10:54:33.930root 11241100x80000000000000002047445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:33.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad72abaa9f22bb162022-02-14 10:54:33.931root 11241100x80000000000000002047446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:33.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d395c98fa41b44502022-02-14 10:54:33.931root 11241100x80000000000000002047447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:33.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b85ab944e2d03122022-02-14 10:54:33.931root 11241100x80000000000000002047448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:33.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f00ae6ddfb01a8002022-02-14 10:54:33.931root 11241100x80000000000000002047449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:33.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a6ec10c9de51ff62022-02-14 10:54:33.931root 11241100x80000000000000002047450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:33.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4706e61e094d22162022-02-14 10:54:33.931root 11241100x80000000000000002047451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:33.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6843ffb1d40112882022-02-14 10:54:33.932root 11241100x80000000000000002047452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:33.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a794ddd4df52963a2022-02-14 10:54:33.932root 11241100x80000000000000002047453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:34.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc4448d283d78be72022-02-14 10:54:34.430root 11241100x80000000000000002047454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:34.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.207565614371b8252022-02-14 10:54:34.430root 11241100x80000000000000002047455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:34.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.856b16a8af144b662022-02-14 10:54:34.430root 11241100x80000000000000002047456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:34.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3fad2e5bebbc6922022-02-14 10:54:34.430root 11241100x80000000000000002047457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:34.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba9b4707b890cd452022-02-14 10:54:34.430root 11241100x80000000000000002047458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:34.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f0c8535235cea5b2022-02-14 10:54:34.430root 11241100x80000000000000002047459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:34.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f829d637e442a1e2022-02-14 10:54:34.430root 11241100x80000000000000002047460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:34.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.081dfc3ccacc9f2c2022-02-14 10:54:34.430root 11241100x80000000000000002047461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:34.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.406ad6c4c23ac6052022-02-14 10:54:34.430root 11241100x80000000000000002047462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:34.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58bed2bc4a1a5a772022-02-14 10:54:34.431root 11241100x80000000000000002047463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:34.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02d38a514632d2ce2022-02-14 10:54:34.431root 11241100x80000000000000002047464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:34.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ae36f77ccd600a02022-02-14 10:54:34.930root 11241100x80000000000000002047465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:34.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b00eb29eba45c8f2022-02-14 10:54:34.930root 11241100x80000000000000002047466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:34.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3891c8eaebe5e6f2022-02-14 10:54:34.930root 11241100x80000000000000002047467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:34.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a00182ef363eecfe2022-02-14 10:54:34.930root 11241100x80000000000000002047468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:34.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a98b0aaaa48800c2022-02-14 10:54:34.930root 11241100x80000000000000002047469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:34.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b88ca836fb27dd442022-02-14 10:54:34.930root 11241100x80000000000000002047470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:34.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48c18519aea7016b2022-02-14 10:54:34.930root 11241100x80000000000000002047471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:34.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71c79b87f6e8f1e32022-02-14 10:54:34.930root 11241100x80000000000000002047472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:34.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3072b7ab10cead32022-02-14 10:54:34.930root 11241100x80000000000000002047473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:34.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce24ec1c86a4cfd72022-02-14 10:54:34.930root 11241100x80000000000000002047474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:34.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19cc286ccde1a0ce2022-02-14 10:54:34.930root 11241100x80000000000000002047475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:35.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6efb67dae5e019112022-02-14 10:54:35.430root 11241100x80000000000000002047476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:35.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b79774bd6b3a84602022-02-14 10:54:35.430root 11241100x80000000000000002047477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:35.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebfbf085836cc2042022-02-14 10:54:35.430root 11241100x80000000000000002047478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:35.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0471a2a168645062022-02-14 10:54:35.430root 11241100x80000000000000002047479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:35.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45662ee9a6680c1d2022-02-14 10:54:35.431root 11241100x80000000000000002047480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:35.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d87c5074b2207d292022-02-14 10:54:35.431root 11241100x80000000000000002047481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:35.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6d0c9cd06cbbeff2022-02-14 10:54:35.431root 11241100x80000000000000002047482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:35.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a75014f13bf885ee2022-02-14 10:54:35.431root 11241100x80000000000000002047483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:35.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05dda3b42a5288cb2022-02-14 10:54:35.431root 11241100x80000000000000002047484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:35.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90ddbba90d5b40e42022-02-14 10:54:35.431root 11241100x80000000000000002047485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:35.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf794f4bc588bcea2022-02-14 10:54:35.431root 11241100x80000000000000002047486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:35.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b38d64dcf501c0c22022-02-14 10:54:35.930root 11241100x80000000000000002047487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:35.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb93b4321fa868202022-02-14 10:54:35.930root 11241100x80000000000000002047488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:35.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7d7c03ae6e7c2302022-02-14 10:54:35.930root 11241100x80000000000000002047489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:35.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b88a00deaa7e6a4d2022-02-14 10:54:35.930root 11241100x80000000000000002047490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:35.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6c6a51934e0cfdc2022-02-14 10:54:35.930root 11241100x80000000000000002047491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:35.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7817cbda73390e22022-02-14 10:54:35.930root 11241100x80000000000000002047492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:35.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dd3b3e76f5c3c4d2022-02-14 10:54:35.930root 11241100x80000000000000002047493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:35.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff986d032e98a4842022-02-14 10:54:35.930root 11241100x80000000000000002047494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:35.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0932c722fb3161302022-02-14 10:54:35.930root 11241100x80000000000000002047495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:35.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c9681673f1a61262022-02-14 10:54:35.930root 11241100x80000000000000002047496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:35.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d361da22786224b22022-02-14 10:54:35.930root 11241100x80000000000000002047497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:36.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.925d956fdd4babca2022-02-14 10:54:36.430root 11241100x80000000000000002047498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:36.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac113868224be6582022-02-14 10:54:36.430root 11241100x80000000000000002047499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:36.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1334010f549ab3b2022-02-14 10:54:36.430root 11241100x80000000000000002047500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:36.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e438f55ec3edc052022-02-14 10:54:36.430root 11241100x80000000000000002047501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:36.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b1e7c3c480e87f72022-02-14 10:54:36.431root 11241100x80000000000000002047502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:36.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4b367cee94243b72022-02-14 10:54:36.431root 11241100x80000000000000002047503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:36.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5092f5c2881e4e92022-02-14 10:54:36.431root 11241100x80000000000000002047504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:36.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dc559cb8fb040352022-02-14 10:54:36.431root 11241100x80000000000000002047505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:36.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d583e53f0b49657a2022-02-14 10:54:36.431root 11241100x80000000000000002047506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:36.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f433c38c07cc4ba82022-02-14 10:54:36.431root 11241100x80000000000000002047507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:36.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a86f34b70369b50d2022-02-14 10:54:36.431root 11241100x80000000000000002047508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:36.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.698cef24335c5e692022-02-14 10:54:36.930root 11241100x80000000000000002047509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:36.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e33ab7f51e0923ab2022-02-14 10:54:36.930root 11241100x80000000000000002047510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:36.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce5c1e79056076fc2022-02-14 10:54:36.930root 11241100x80000000000000002047511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:36.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfb61ab779e3ce752022-02-14 10:54:36.930root 11241100x80000000000000002047512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:36.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.defc7424f2e88aa22022-02-14 10:54:36.930root 11241100x80000000000000002047513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:36.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6bed9bd7bacd0df2022-02-14 10:54:36.930root 11241100x80000000000000002047514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:36.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa8b8f3150c27bd52022-02-14 10:54:36.931root 11241100x80000000000000002047515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:36.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f75867ebedaf40f2022-02-14 10:54:36.931root 11241100x80000000000000002047516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:36.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95bc84157411e1242022-02-14 10:54:36.931root 11241100x80000000000000002047517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:36.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49a08a7a63349f072022-02-14 10:54:36.931root 11241100x80000000000000002047518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:36.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d69b3c9c9cbba1542022-02-14 10:54:36.931root 11241100x80000000000000002047519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:37.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f72d2ad78d86755e2022-02-14 10:54:37.430root 11241100x80000000000000002047520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:37.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.014aedde08a6a71c2022-02-14 10:54:37.430root 11241100x80000000000000002047521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:37.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdb402535025aa572022-02-14 10:54:37.430root 11241100x80000000000000002047522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:37.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f617a740fa6bd00d2022-02-14 10:54:37.430root 11241100x80000000000000002047523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:37.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72647113a3245b312022-02-14 10:54:37.430root 11241100x80000000000000002047524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:37.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97707439f55785e12022-02-14 10:54:37.430root 11241100x80000000000000002047525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:37.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0f2a836212d06a92022-02-14 10:54:37.430root 11241100x80000000000000002047526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:37.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56a92d413571041f2022-02-14 10:54:37.430root 11241100x80000000000000002047527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:37.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c9f7cbcbe6d962a2022-02-14 10:54:37.430root 11241100x80000000000000002047528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:37.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.768c40a62013aad12022-02-14 10:54:37.430root 11241100x80000000000000002047529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:37.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24f2ecc0417b0a0d2022-02-14 10:54:37.431root 11241100x80000000000000002047530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:37.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33d32255b0daf2d82022-02-14 10:54:37.930root 11241100x80000000000000002047531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:37.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd8db7378ac42a622022-02-14 10:54:37.930root 11241100x80000000000000002047532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:37.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f16da738ab989172022-02-14 10:54:37.930root 11241100x80000000000000002047533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:37.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7f829ab265af7162022-02-14 10:54:37.931root 11241100x80000000000000002047534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:37.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.223a65fa40e95fad2022-02-14 10:54:37.931root 11241100x80000000000000002047535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:37.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff503eb93ca87dad2022-02-14 10:54:37.932root 11241100x80000000000000002047536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:37.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66b682729a4917832022-02-14 10:54:37.932root 11241100x80000000000000002047537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:37.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13e1e82c041d206d2022-02-14 10:54:37.932root 11241100x80000000000000002047538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:37.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f7f880165bf18542022-02-14 10:54:37.932root 11241100x80000000000000002047539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:37.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a259e0e0ee21dfe2022-02-14 10:54:37.932root 11241100x80000000000000002047540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:37.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b0ffe3a2358e9a42022-02-14 10:54:37.932root 354300x80000000000000002047541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:38.170{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54638-false10.0.1.12-8000- 11241100x80000000000000002047542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:38.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30430897937e196c2022-02-14 10:54:38.430root 11241100x80000000000000002047543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:38.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06244dfc0e12d3672022-02-14 10:54:38.430root 11241100x80000000000000002047544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:38.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7a4e779f70655452022-02-14 10:54:38.430root 11241100x80000000000000002047545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:38.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faaede8581b26b592022-02-14 10:54:38.430root 11241100x80000000000000002047546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:38.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5678dc1fddfd82ec2022-02-14 10:54:38.430root 11241100x80000000000000002047547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:38.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24d16e5c8a5afac42022-02-14 10:54:38.430root 11241100x80000000000000002047548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:38.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f19ad4f26b14d012022-02-14 10:54:38.430root 11241100x80000000000000002047549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:38.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4339cfa16111c0352022-02-14 10:54:38.431root 11241100x80000000000000002047550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:38.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6942cb68a7e423a62022-02-14 10:54:38.431root 11241100x80000000000000002047551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:38.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9769726bb708470b2022-02-14 10:54:38.431root 11241100x80000000000000002047552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:38.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.461e6af89a45d02a2022-02-14 10:54:38.431root 11241100x80000000000000002047553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:38.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.026f72460fb2f2242022-02-14 10:54:38.431root 11241100x80000000000000002047554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:38.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9f439940df4cfbd2022-02-14 10:54:38.930root 11241100x80000000000000002047555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:38.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf4b44f74f8ff9d62022-02-14 10:54:38.930root 11241100x80000000000000002047556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:38.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15a30f7434a9ea522022-02-14 10:54:38.930root 11241100x80000000000000002047557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:38.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d74ac522796b30e2022-02-14 10:54:38.930root 11241100x80000000000000002047558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:38.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfe9382ec6a620fa2022-02-14 10:54:38.930root 11241100x80000000000000002047559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:38.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b2187ba6d84ca092022-02-14 10:54:38.930root 11241100x80000000000000002047560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:38.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f617abc055367182022-02-14 10:54:38.930root 11241100x80000000000000002047561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:38.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e58a222fba4f9ea2022-02-14 10:54:38.931root 11241100x80000000000000002047562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:38.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e53e1af20a37611a2022-02-14 10:54:38.931root 11241100x80000000000000002047563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:38.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fcd5bf5b8e85e8b2022-02-14 10:54:38.931root 11241100x80000000000000002047564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:38.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a93a0c39cc10b192022-02-14 10:54:38.931root 11241100x80000000000000002047565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:38.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70be475ea49c41062022-02-14 10:54:38.931root 11241100x80000000000000002047566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:39.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40b561b39aada58d2022-02-14 10:54:39.430root 11241100x80000000000000002047567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:39.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a72b9e2610cfeb372022-02-14 10:54:39.430root 11241100x80000000000000002047568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:39.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f46c454de08f14912022-02-14 10:54:39.430root 11241100x80000000000000002047569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:39.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8c79a42ef388b782022-02-14 10:54:39.430root 11241100x80000000000000002047570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:39.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90a89081eececbd02022-02-14 10:54:39.430root 11241100x80000000000000002047571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:39.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaecafb20bca8d382022-02-14 10:54:39.431root 11241100x80000000000000002047572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:39.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.701263358f6b80632022-02-14 10:54:39.431root 11241100x80000000000000002047573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:39.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aabbcbb8e81487d2022-02-14 10:54:39.431root 11241100x80000000000000002047574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:39.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2d965f0e41ea5422022-02-14 10:54:39.431root 11241100x80000000000000002047575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:39.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.440dd74f9281b40a2022-02-14 10:54:39.431root 11241100x80000000000000002047576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:39.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6793027a55c5b3b2022-02-14 10:54:39.431root 11241100x80000000000000002047577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:39.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7502f3cf3514598f2022-02-14 10:54:39.431root 11241100x80000000000000002047578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:39.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aabfb309de62aa4b2022-02-14 10:54:39.930root 11241100x80000000000000002047579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:39.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5ecbab9af1cc7b82022-02-14 10:54:39.930root 11241100x80000000000000002047580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:39.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.546fdc99a4eb548b2022-02-14 10:54:39.930root 11241100x80000000000000002047581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:39.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2de5641629fa60c2022-02-14 10:54:39.930root 11241100x80000000000000002047582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:39.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fecba79d6d2a537b2022-02-14 10:54:39.930root 11241100x80000000000000002047583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:39.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab6597a6f579c91d2022-02-14 10:54:39.930root 11241100x80000000000000002047584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:39.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51399754e5de54ec2022-02-14 10:54:39.931root 11241100x80000000000000002047585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:39.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef71e049d8b4ad2d2022-02-14 10:54:39.931root 11241100x80000000000000002047586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:39.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69149cb67a9802102022-02-14 10:54:39.932root 11241100x80000000000000002047587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:39.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bfdef7057f955272022-02-14 10:54:39.932root 11241100x80000000000000002047588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:39.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0cb16b7b18f25202022-02-14 10:54:39.932root 11241100x80000000000000002047589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:39.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d38107307c7b3bba2022-02-14 10:54:39.932root 11241100x80000000000000002047590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:40.015{ec2ab09f-1002-620a-3078-922c7d550000}1328/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2022-02-14 10:54:40.015root 11241100x80000000000000002047591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:40.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b749356af1140d4e2022-02-14 10:54:40.430root 11241100x80000000000000002047592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:40.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13a8383a44e43d0b2022-02-14 10:54:40.430root 11241100x80000000000000002047593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:40.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dc2cd0004c0cefb2022-02-14 10:54:40.430root 11241100x80000000000000002047594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:40.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.413e425bf1ce50612022-02-14 10:54:40.431root 11241100x80000000000000002047595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:40.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc7cadc7f3e75e652022-02-14 10:54:40.431root 11241100x80000000000000002047596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:40.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c39c13f7adcd83c2022-02-14 10:54:40.431root 11241100x80000000000000002047597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:40.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67379e1f966437ef2022-02-14 10:54:40.431root 11241100x80000000000000002047598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:40.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f9eef083b6a0c752022-02-14 10:54:40.431root 11241100x80000000000000002047599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:40.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6894205bfd89f3922022-02-14 10:54:40.432root 11241100x80000000000000002047600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:40.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db25c7b808b569c52022-02-14 10:54:40.432root 11241100x80000000000000002047601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:40.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d701f555a81e66512022-02-14 10:54:40.432root 11241100x80000000000000002047602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:40.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b19cf5bc4e116c282022-02-14 10:54:40.432root 11241100x80000000000000002047603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:40.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7f0e478958c3ffa2022-02-14 10:54:40.432root 11241100x80000000000000002047604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:40.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be7748a339dfdee12022-02-14 10:54:40.930root 11241100x80000000000000002047605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:40.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b71d210d29f1d7b32022-02-14 10:54:40.930root 11241100x80000000000000002047606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:40.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.017a3efd463772812022-02-14 10:54:40.930root 11241100x80000000000000002047607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:40.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad948b793efe69b82022-02-14 10:54:40.930root 11241100x80000000000000002047608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:40.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.052759600afa5ecd2022-02-14 10:54:40.930root 11241100x80000000000000002047609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:40.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae687353469997a42022-02-14 10:54:40.930root 11241100x80000000000000002047610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:40.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af5960f43c2bbe502022-02-14 10:54:40.930root 11241100x80000000000000002047611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:40.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.055b6a0d144452652022-02-14 10:54:40.931root 11241100x80000000000000002047612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:40.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c615ddac0506aeeb2022-02-14 10:54:40.931root 11241100x80000000000000002047613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:40.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91a1201e6a20c2242022-02-14 10:54:40.931root 11241100x80000000000000002047614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:40.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59d633ddc951da022022-02-14 10:54:40.931root 11241100x80000000000000002047615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:40.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a6c2a64cde8bf512022-02-14 10:54:40.931root 11241100x80000000000000002047616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:40.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.391450d2a90f815c2022-02-14 10:54:40.931root 11241100x80000000000000002047617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:41.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aa2ea2c69d3037e2022-02-14 10:54:41.430root 11241100x80000000000000002047618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:41.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f74b8e1dae0b8bdc2022-02-14 10:54:41.430root 11241100x80000000000000002047619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:41.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.423a1f2141bd0d6b2022-02-14 10:54:41.430root 11241100x80000000000000002047620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:41.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e99e18f4851875e2022-02-14 10:54:41.430root 11241100x80000000000000002047621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:41.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.505c53e5137645552022-02-14 10:54:41.430root 11241100x80000000000000002047622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:41.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b33b7028b84866e02022-02-14 10:54:41.430root 11241100x80000000000000002047623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:41.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.329292b355d3a9812022-02-14 10:54:41.430root 11241100x80000000000000002047624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:41.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e32549e708595eb92022-02-14 10:54:41.430root 11241100x80000000000000002047625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:41.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f62d19fe568c1302022-02-14 10:54:41.430root 11241100x80000000000000002047626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:41.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6681ec7c4cb757f42022-02-14 10:54:41.430root 11241100x80000000000000002047627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:41.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1de07b02f17ad9ed2022-02-14 10:54:41.431root 11241100x80000000000000002047628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:41.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37f76ea78f4ee47f2022-02-14 10:54:41.431root 11241100x80000000000000002047629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:41.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97239f5a35f37f2f2022-02-14 10:54:41.431root 11241100x80000000000000002047630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:41.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e623e631e288b6842022-02-14 10:54:41.930root 11241100x80000000000000002047631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:41.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b4d1940c54493f82022-02-14 10:54:41.930root 11241100x80000000000000002047632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:41.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f74edf890ee910102022-02-14 10:54:41.930root 11241100x80000000000000002047633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:41.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aed8b32bece6e9c52022-02-14 10:54:41.930root 11241100x80000000000000002047634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:41.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44ca2d6965e856292022-02-14 10:54:41.930root 11241100x80000000000000002047635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:41.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b24ebddb606b22992022-02-14 10:54:41.930root 11241100x80000000000000002047636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:41.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c7fce1658a850542022-02-14 10:54:41.930root 11241100x80000000000000002047637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:41.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9353a4d4636264c2022-02-14 10:54:41.930root 11241100x80000000000000002047638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:41.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74b6b21a7ca43e342022-02-14 10:54:41.931root 11241100x80000000000000002047639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:41.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acbaaef49a2dfe7e2022-02-14 10:54:41.931root 11241100x80000000000000002047640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:41.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fdd780fa67b00552022-02-14 10:54:41.931root 11241100x80000000000000002047641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:41.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d92c2f0dca9c14792022-02-14 10:54:41.931root 11241100x80000000000000002047642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:41.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f131b1fdb78662012022-02-14 10:54:41.931root 11241100x80000000000000002047643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:42.429{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.350223e1f65c1fa82022-02-14 10:54:42.429root 11241100x80000000000000002047644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:42.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a890dc98cd2b8b032022-02-14 10:54:42.430root 11241100x80000000000000002047645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:42.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.995e067d1f2a813b2022-02-14 10:54:42.430root 11241100x80000000000000002047646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:42.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c25ff690b671b402022-02-14 10:54:42.430root 11241100x80000000000000002047647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:42.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eb527092ef4d0772022-02-14 10:54:42.430root 11241100x80000000000000002047648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:42.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc81247a58cb41b12022-02-14 10:54:42.430root 11241100x80000000000000002047649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:42.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.475e2b7dbd396a9f2022-02-14 10:54:42.431root 11241100x80000000000000002047650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:42.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7145c9836292349f2022-02-14 10:54:42.431root 11241100x80000000000000002047651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:42.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87ab514dbcd448ea2022-02-14 10:54:42.431root 11241100x80000000000000002047652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:42.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a3e8bd8de1b90072022-02-14 10:54:42.431root 11241100x80000000000000002047653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:42.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c8c860e58d2c2bd2022-02-14 10:54:42.432root 11241100x80000000000000002047654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:42.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.413b2d8ed140d69c2022-02-14 10:54:42.432root 11241100x80000000000000002047655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:42.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92b37f7006541d572022-02-14 10:54:42.432root 11241100x80000000000000002047656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:42.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4133eaa416a9417e2022-02-14 10:54:42.930root 11241100x80000000000000002047657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:42.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe4fa6b6c83f9ade2022-02-14 10:54:42.930root 11241100x80000000000000002047658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:42.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.635fc3e2280fff162022-02-14 10:54:42.930root 11241100x80000000000000002047659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:42.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4db7610342cf9d602022-02-14 10:54:42.931root 11241100x80000000000000002047660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:42.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62bd880b5b9fff642022-02-14 10:54:42.931root 11241100x80000000000000002047661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:42.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbbb8a74441a22932022-02-14 10:54:42.931root 11241100x80000000000000002047662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:42.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2624620532ba49a02022-02-14 10:54:42.931root 11241100x80000000000000002047663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:42.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.404264f31b21b58a2022-02-14 10:54:42.931root 11241100x80000000000000002047664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:42.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.873b8448ba4109e02022-02-14 10:54:42.931root 11241100x80000000000000002047665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:42.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e515feade8aad5402022-02-14 10:54:42.932root 11241100x80000000000000002047666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:42.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c45d4bb4a95b38212022-02-14 10:54:42.932root 11241100x80000000000000002047667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:42.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ca77035ac6995052022-02-14 10:54:42.932root 11241100x80000000000000002047668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:42.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54f54f64f27324e32022-02-14 10:54:42.932root 23542300x80000000000000002047669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:43.016{ec2ab09f-1002-620a-3078-922c7d550000}1328root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 354300x80000000000000002047670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:43.207{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54640-false10.0.1.12-8000- 11241100x80000000000000002047671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:43.208{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7b29f1e402acf142022-02-14 10:54:43.208root 11241100x80000000000000002047672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:43.208{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24244d0f132cf2a62022-02-14 10:54:43.208root 11241100x80000000000000002047673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:43.208{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b221e9181f77dec02022-02-14 10:54:43.208root 11241100x80000000000000002047674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:43.208{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.352936654bca56952022-02-14 10:54:43.208root 11241100x80000000000000002047675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:43.208{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7808e06cecef2f012022-02-14 10:54:43.208root 11241100x80000000000000002047676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:43.208{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59c83d6b78fc9f072022-02-14 10:54:43.208root 11241100x80000000000000002047677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:43.208{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63f76c327f41d7042022-02-14 10:54:43.208root 11241100x80000000000000002047678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:43.208{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce2afe22b72dca102022-02-14 10:54:43.208root 11241100x80000000000000002047679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:43.209{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ade11590b3fe58c2022-02-14 10:54:43.209root 11241100x80000000000000002047680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:43.209{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.608c1d0312de09a02022-02-14 10:54:43.209root 11241100x80000000000000002047681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:43.209{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eca4898bfb2ba122022-02-14 10:54:43.209root 11241100x80000000000000002047682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:43.209{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0e6370866f8233e2022-02-14 10:54:43.209root 11241100x80000000000000002047683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:43.209{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dd9cc6964c5cb922022-02-14 10:54:43.209root 11241100x80000000000000002047684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:43.209{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.314dc41d1385a0802022-02-14 10:54:43.209root 11241100x80000000000000002047685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:43.209{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d306b004152d8ca2022-02-14 10:54:43.209root 11241100x80000000000000002047686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:43.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01a28c3b83e71ed32022-02-14 10:54:43.680root 11241100x80000000000000002047687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:43.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21bc5ae716eed6752022-02-14 10:54:43.680root 11241100x80000000000000002047688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:43.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b91bca7027b8f3e92022-02-14 10:54:43.680root 11241100x80000000000000002047689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:43.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d195fd0e838b27c2022-02-14 10:54:43.680root 11241100x80000000000000002047690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:43.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ddb931a5b8d2c152022-02-14 10:54:43.680root 11241100x80000000000000002047691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:43.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8bcd5c23cd7b3e52022-02-14 10:54:43.680root 11241100x80000000000000002047692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:43.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f2b1f8b26f187a82022-02-14 10:54:43.680root 11241100x80000000000000002047693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:43.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb2219a80e5b443c2022-02-14 10:54:43.681root 11241100x80000000000000002047694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:43.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d92d0e0f6b964a242022-02-14 10:54:43.681root 11241100x80000000000000002047695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:43.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8977b05ed6b527532022-02-14 10:54:43.681root 11241100x80000000000000002047696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:43.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6666c31ba556efd2022-02-14 10:54:43.681root 11241100x80000000000000002047697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:43.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91aa4d145bc584a72022-02-14 10:54:43.681root 11241100x80000000000000002047698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:43.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bc236690a723ca32022-02-14 10:54:43.681root 11241100x80000000000000002047699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:43.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.413a493cf579cc5d2022-02-14 10:54:43.682root 11241100x80000000000000002047700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:43.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dc0e524d071b93e2022-02-14 10:54:43.682root 154100x80000000000000002047701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:44.013{ec2ab09f-34f4-620a-68a4-e0adfc550000}2404/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2ab09f-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}871--- 11241100x80000000000000002047702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:44.014{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24c8233cc880e9e32022-02-14 10:54:44.014root 11241100x80000000000000002047703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:44.015{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.340958915dc9493c2022-02-14 10:54:44.015root 11241100x80000000000000002047704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:44.015{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f4e2dbba4ac53332022-02-14 10:54:44.015root 11241100x80000000000000002047705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:44.015{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb4560ee397b35162022-02-14 10:54:44.015root 11241100x80000000000000002047706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:44.015{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3726847e1db9f482022-02-14 10:54:44.015root 11241100x80000000000000002047707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:44.016{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f593439a78d1ddb72022-02-14 10:54:44.016root 11241100x80000000000000002047708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:44.016{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d850133b933bc532022-02-14 10:54:44.016root 11241100x80000000000000002047709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:44.016{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b26970f8a28e168d2022-02-14 10:54:44.016root 11241100x80000000000000002047710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:44.016{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.705c13f99c9704bf2022-02-14 10:54:44.016root 11241100x80000000000000002047711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:44.016{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b8356ab41be7dc22022-02-14 10:54:44.016root 11241100x80000000000000002047712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:44.016{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f3acc7440d360f82022-02-14 10:54:44.016root 11241100x80000000000000002047713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:44.016{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb052e701d5af0e02022-02-14 10:54:44.016root 11241100x80000000000000002047714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:44.016{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1db785fedc1fa1fc2022-02-14 10:54:44.016root 11241100x80000000000000002047715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:44.016{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.774f5efc561bf9b52022-02-14 10:54:44.016root 11241100x80000000000000002047716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:44.017{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a90e1d1fe735fd92022-02-14 10:54:44.017root 11241100x80000000000000002047717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:44.017{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfdc35ee3d423b172022-02-14 10:54:44.017root 11241100x80000000000000002047718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:44.017{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9afb83c047efc8ef2022-02-14 10:54:44.017root 11241100x80000000000000002047719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:44.017{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.442d393439a8aee22022-02-14 10:54:44.017root 534500x80000000000000002047720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:44.037{ec2ab09f-34f4-620a-68a4-e0adfc550000}2404/bin/psroot 11241100x80000000000000002047721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:44.429{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c985219dce0689bf2022-02-14 10:54:44.429root 11241100x80000000000000002047722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:44.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5e04c9fde6064222022-02-14 10:54:44.430root 11241100x80000000000000002047723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:44.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15f1c0bddd3a9b302022-02-14 10:54:44.430root 11241100x80000000000000002047724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:44.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73ea355cf71fa2e62022-02-14 10:54:44.430root 11241100x80000000000000002047725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:44.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59c515591d8eef612022-02-14 10:54:44.431root 11241100x80000000000000002047726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:44.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cc418bbe4c119842022-02-14 10:54:44.431root 11241100x80000000000000002047727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:44.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a22b1a53c7848512022-02-14 10:54:44.431root 11241100x80000000000000002047728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:44.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ff9db231c9863ab2022-02-14 10:54:44.431root 11241100x80000000000000002047729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:44.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c41f6e9d960d18302022-02-14 10:54:44.433root 11241100x80000000000000002047730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:44.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.408e829e5b5f75e32022-02-14 10:54:44.433root 11241100x80000000000000002047731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:44.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e4e757c2eb4bf8f2022-02-14 10:54:44.434root 11241100x80000000000000002047732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:44.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8e2b13ea06bca552022-02-14 10:54:44.434root 11241100x80000000000000002047733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:44.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd9df8ad61c055be2022-02-14 10:54:44.434root 11241100x80000000000000002047734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:44.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc918627efbdde772022-02-14 10:54:44.434root 11241100x80000000000000002047735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:44.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.337e09850b4db5a02022-02-14 10:54:44.434root 11241100x80000000000000002047736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:44.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a165ca3818dac01a2022-02-14 10:54:44.434root 11241100x80000000000000002047737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:44.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d85d98e47bdd87fc2022-02-14 10:54:44.435root 11241100x80000000000000002047738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:44.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19ba6bcbcb2f3b992022-02-14 10:54:44.930root 11241100x80000000000000002047739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:44.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07c2e313f14168472022-02-14 10:54:44.930root 11241100x80000000000000002047740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:44.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.499d3b837e9a9b3e2022-02-14 10:54:44.931root 11241100x80000000000000002047741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:44.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7fa9899a5285b1f2022-02-14 10:54:44.931root 11241100x80000000000000002047742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:44.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7535a2770aade282022-02-14 10:54:44.931root 11241100x80000000000000002047743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:44.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19e0acfb611b424e2022-02-14 10:54:44.931root 11241100x80000000000000002047744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:44.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53f5bf4dfdf654122022-02-14 10:54:44.931root 11241100x80000000000000002047745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:44.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9de2e1d9ba353bc52022-02-14 10:54:44.931root 11241100x80000000000000002047746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:44.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fdc2f2fff8970722022-02-14 10:54:44.931root 11241100x80000000000000002047747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:44.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3ca0a7ad50557492022-02-14 10:54:44.931root 11241100x80000000000000002047748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:44.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa10b488bb6333cf2022-02-14 10:54:44.931root 11241100x80000000000000002047749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:44.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7182f7807029820b2022-02-14 10:54:44.932root 11241100x80000000000000002047750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:44.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4faaa88005622c662022-02-14 10:54:44.932root 11241100x80000000000000002047751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:44.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d6a0a603e4429da2022-02-14 10:54:44.932root 11241100x80000000000000002047752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:44.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d505e0463715ad672022-02-14 10:54:44.932root 11241100x80000000000000002047753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:44.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2333c95f9e1dd4ef2022-02-14 10:54:44.932root 11241100x80000000000000002047754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:44.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29869406a478e3722022-02-14 10:54:44.932root 11241100x80000000000000002047755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:45.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6990cac085967ed02022-02-14 10:54:45.430root 11241100x80000000000000002047756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:45.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e904594c7035aa882022-02-14 10:54:45.430root 11241100x80000000000000002047757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:45.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01935de04b672ef82022-02-14 10:54:45.430root 11241100x80000000000000002047758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:45.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.039ef05cff0b81d02022-02-14 10:54:45.430root 11241100x80000000000000002047759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:45.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66dde102cf4675602022-02-14 10:54:45.430root 11241100x80000000000000002047760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:45.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a35db2392bc777002022-02-14 10:54:45.431root 11241100x80000000000000002047761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:45.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d652c3f85f622cd2022-02-14 10:54:45.431root 11241100x80000000000000002047762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:45.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04bcee1442d6a25e2022-02-14 10:54:45.431root 11241100x80000000000000002047763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:45.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.527e2c0b63c6e4432022-02-14 10:54:45.431root 11241100x80000000000000002047764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:45.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3929bae0aa4b90552022-02-14 10:54:45.431root 11241100x80000000000000002047765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:45.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a719bc47ee965f7b2022-02-14 10:54:45.431root 11241100x80000000000000002047766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:45.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7547820a51baeab2022-02-14 10:54:45.431root 11241100x80000000000000002047767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:45.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd05e666726d5e062022-02-14 10:54:45.431root 11241100x80000000000000002047768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:45.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d12120a770b933d2022-02-14 10:54:45.432root 11241100x80000000000000002047769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:45.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c937ac808a2b5c062022-02-14 10:54:45.432root 11241100x80000000000000002047770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:45.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba963c5ac44c4e002022-02-14 10:54:45.432root 11241100x80000000000000002047771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:45.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba123d0911b780762022-02-14 10:54:45.432root 11241100x80000000000000002047772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:45.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fa9c3d7d29c01f22022-02-14 10:54:45.930root 11241100x80000000000000002047773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:45.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d89fbfaeaf304f12022-02-14 10:54:45.930root 11241100x80000000000000002047774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:45.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9b74f017af82b3d2022-02-14 10:54:45.930root 11241100x80000000000000002047775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:45.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f7e17458e3a0f3b2022-02-14 10:54:45.930root 11241100x80000000000000002047776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:45.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a81ff087c7e5e4132022-02-14 10:54:45.931root 11241100x80000000000000002047777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:45.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eee4a495ab455b882022-02-14 10:54:45.931root 11241100x80000000000000002047778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:45.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ec195bfe6527d4c2022-02-14 10:54:45.931root 11241100x80000000000000002047779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:45.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4273234d37cdc7f02022-02-14 10:54:45.931root 11241100x80000000000000002047780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:45.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baf7847f97a543ed2022-02-14 10:54:45.931root 11241100x80000000000000002047781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:45.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ada0f8dbc3fe3012022-02-14 10:54:45.931root 11241100x80000000000000002047782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:45.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bd3b1c94a6b8b912022-02-14 10:54:45.931root 11241100x80000000000000002047783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:45.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.255a6151a66a386c2022-02-14 10:54:45.931root 11241100x80000000000000002047784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:45.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dade0dabcb16f2e72022-02-14 10:54:45.931root 11241100x80000000000000002047785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:45.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e051739a7bdba722022-02-14 10:54:45.931root 11241100x80000000000000002047786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:45.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59103b712b9d9f472022-02-14 10:54:45.932root 11241100x80000000000000002047787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:45.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e30fc6df8818fb82022-02-14 10:54:45.932root 11241100x80000000000000002047788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:45.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.066b53d5b56c7e452022-02-14 10:54:45.932root 11241100x80000000000000002047789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:46.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff442563a059a72d2022-02-14 10:54:46.430root 11241100x80000000000000002047790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:46.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1afaf1f3d483a7c52022-02-14 10:54:46.430root 11241100x80000000000000002047791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:46.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78f7121c992729f52022-02-14 10:54:46.430root 11241100x80000000000000002047792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:46.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87ba2dc1cd326c2e2022-02-14 10:54:46.430root 11241100x80000000000000002047793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:46.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e99a4a32e8460672022-02-14 10:54:46.430root 11241100x80000000000000002047794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:46.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ee74aba35f781422022-02-14 10:54:46.431root 11241100x80000000000000002047795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:46.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f9a17ae710ade5a2022-02-14 10:54:46.431root 11241100x80000000000000002047796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:46.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8d700aab88870ad2022-02-14 10:54:46.431root 11241100x80000000000000002047797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:46.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ab08f167f536ece2022-02-14 10:54:46.431root 11241100x80000000000000002047798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:46.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edb679771ebd516b2022-02-14 10:54:46.431root 11241100x80000000000000002047799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:46.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.257d766d2bf6873f2022-02-14 10:54:46.431root 11241100x80000000000000002047800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:46.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9fdbc9e9d555f0f2022-02-14 10:54:46.431root 11241100x80000000000000002047801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:46.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30d2f9e21770fec12022-02-14 10:54:46.431root 11241100x80000000000000002047802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:46.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c30a8c762f4c2772022-02-14 10:54:46.431root 11241100x80000000000000002047803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:46.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f66fc90462c7f922022-02-14 10:54:46.431root 11241100x80000000000000002047804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:46.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5d0073fc8ea81472022-02-14 10:54:46.432root 11241100x80000000000000002047805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:46.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7872accf71250c602022-02-14 10:54:46.432root 11241100x80000000000000002047806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:46.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec8736d416806d262022-02-14 10:54:46.930root 11241100x80000000000000002047807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:46.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7565e42018e02092022-02-14 10:54:46.930root 11241100x80000000000000002047808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:46.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4612f986877573e2022-02-14 10:54:46.930root 11241100x80000000000000002047809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:46.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ffc9d8bd332e5bb2022-02-14 10:54:46.930root 11241100x80000000000000002047810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:46.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f24059755a47a9d2022-02-14 10:54:46.930root 11241100x80000000000000002047811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:46.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ed01e412fa4d5982022-02-14 10:54:46.930root 11241100x80000000000000002047812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:46.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.340e1cccaf232d142022-02-14 10:54:46.931root 11241100x80000000000000002047813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:46.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6acacd1f1daf9ff82022-02-14 10:54:46.931root 11241100x80000000000000002047814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:46.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce1564b1cede19b62022-02-14 10:54:46.931root 11241100x80000000000000002047815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:46.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e656c3066608145e2022-02-14 10:54:46.931root 11241100x80000000000000002047816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:46.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79e885bfc49ab7a62022-02-14 10:54:46.931root 11241100x80000000000000002047817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:46.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21c6821b90f3c7392022-02-14 10:54:46.931root 11241100x80000000000000002047818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:46.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfac4a3f602c129e2022-02-14 10:54:46.931root 11241100x80000000000000002047819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:46.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dba5599ba57cde732022-02-14 10:54:46.931root 11241100x80000000000000002047820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:46.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e034bbc9cb6c47092022-02-14 10:54:46.931root 11241100x80000000000000002047821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:46.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98745c2433ed25882022-02-14 10:54:46.931root 11241100x80000000000000002047822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:46.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.057b1cc2980e0d712022-02-14 10:54:46.932root 11241100x80000000000000002047823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:47.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa66472b6ed6b1372022-02-14 10:54:47.430root 11241100x80000000000000002047824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:47.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aa2201ec3ca28842022-02-14 10:54:47.430root 11241100x80000000000000002047825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:47.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.678542ef18424eb12022-02-14 10:54:47.430root 11241100x80000000000000002047826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:47.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35524f63315a16402022-02-14 10:54:47.430root 11241100x80000000000000002047827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:47.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a20a671377dfa3b52022-02-14 10:54:47.430root 11241100x80000000000000002047828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:47.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b8b5a01e042c6002022-02-14 10:54:47.431root 11241100x80000000000000002047829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:47.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b705ce5111c9ddbe2022-02-14 10:54:47.431root 11241100x80000000000000002047830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:47.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdd8e32440debe182022-02-14 10:54:47.431root 11241100x80000000000000002047831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:47.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fb327598f35438a2022-02-14 10:54:47.431root 11241100x80000000000000002047832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:47.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05daef19ab3b8ecc2022-02-14 10:54:47.431root 11241100x80000000000000002047833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:47.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54ae939c8eeb88c22022-02-14 10:54:47.431root 11241100x80000000000000002047834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:47.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b300046f7fe3cbf52022-02-14 10:54:47.431root 11241100x80000000000000002047835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:47.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b41d24a2352a61452022-02-14 10:54:47.431root 11241100x80000000000000002047836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:47.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00eb3a4851d2cadf2022-02-14 10:54:47.431root 11241100x80000000000000002047837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:47.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.528404aa3a0b36692022-02-14 10:54:47.431root 11241100x80000000000000002047838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:47.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ec2c28abaeaa3ae2022-02-14 10:54:47.431root 11241100x80000000000000002047839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:47.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d00bbe683839faef2022-02-14 10:54:47.431root 11241100x80000000000000002047840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:47.929{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89c83ed7ef8af2702022-02-14 10:54:47.929root 11241100x80000000000000002047841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:47.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01eafc855401e0442022-02-14 10:54:47.930root 11241100x80000000000000002047842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:47.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b79a5758d4f4d772022-02-14 10:54:47.930root 11241100x80000000000000002047843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:47.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58d3ae7aed664fbe2022-02-14 10:54:47.930root 11241100x80000000000000002047844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:47.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7114c80e78e1a9c22022-02-14 10:54:47.930root 11241100x80000000000000002047845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:47.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ce1ed8c696d3ead2022-02-14 10:54:47.930root 11241100x80000000000000002047846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:47.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6c5bdc892818d022022-02-14 10:54:47.930root 11241100x80000000000000002047847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:47.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dcf94a9495ca9c52022-02-14 10:54:47.931root 11241100x80000000000000002047848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:47.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.758f5541877ce1932022-02-14 10:54:47.931root 11241100x80000000000000002047849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:47.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fdb81a8058a316f2022-02-14 10:54:47.931root 11241100x80000000000000002047850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:47.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d50772fcbe8ab2e2022-02-14 10:54:47.931root 11241100x80000000000000002047851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:47.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.092c8f0f2c629ef22022-02-14 10:54:47.931root 11241100x80000000000000002047852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:47.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.154554a10e721b1d2022-02-14 10:54:47.931root 11241100x80000000000000002047853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:47.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f26869f45cd32d922022-02-14 10:54:47.931root 11241100x80000000000000002047854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:47.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c140386bead923c2022-02-14 10:54:47.931root 11241100x80000000000000002047855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:47.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7529e68a020284402022-02-14 10:54:47.931root 11241100x80000000000000002047856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:47.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62363f9c8f64b6202022-02-14 10:54:47.931root 11241100x80000000000000002047857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:47.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0da3703b955722042022-02-14 10:54:47.932root 11241100x80000000000000002047858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:47.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddaed4ab41eddd1c2022-02-14 10:54:47.932root 11241100x80000000000000002047859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:48.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6180183ad4d6719c2022-02-14 10:54:48.430root 11241100x80000000000000002047860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:48.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15881176d7cad94c2022-02-14 10:54:48.430root 11241100x80000000000000002047861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:48.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbc4b85787d588392022-02-14 10:54:48.430root 11241100x80000000000000002047862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:48.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59770d56fdea3b1a2022-02-14 10:54:48.431root 11241100x80000000000000002047863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:48.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02597b2e77b51d6f2022-02-14 10:54:48.431root 11241100x80000000000000002047864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:48.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91fd55c53f2f27112022-02-14 10:54:48.431root 11241100x80000000000000002047865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:48.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.204ddd4a24d41aea2022-02-14 10:54:48.431root 11241100x80000000000000002047866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:48.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32f4eed8ed19d45d2022-02-14 10:54:48.431root 11241100x80000000000000002047867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:48.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf31671ff786d7342022-02-14 10:54:48.431root 11241100x80000000000000002047868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:48.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04ea4b92cc78aacc2022-02-14 10:54:48.431root 11241100x80000000000000002047869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:48.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1df258b80f95ae02022-02-14 10:54:48.431root 11241100x80000000000000002047870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:48.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b78c0fa2fc539fdc2022-02-14 10:54:48.431root 11241100x80000000000000002047871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:48.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4d41801abddf5f52022-02-14 10:54:48.432root 11241100x80000000000000002047872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:48.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dee23015d8d5adb22022-02-14 10:54:48.432root 11241100x80000000000000002047873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:48.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5b08c5d9719142d2022-02-14 10:54:48.432root 11241100x80000000000000002047874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:48.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0628a5a1136d415d2022-02-14 10:54:48.433root 11241100x80000000000000002047875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:48.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8102a9b76740f3d2022-02-14 10:54:48.434root 11241100x80000000000000002047876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:48.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.234c3fbf1b9fd0c42022-02-14 10:54:48.930root 11241100x80000000000000002047877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:48.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f04a9975162e0e562022-02-14 10:54:48.930root 11241100x80000000000000002047878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:48.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7cb2d3a9236bd122022-02-14 10:54:48.930root 11241100x80000000000000002047879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:48.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e755cec4234c5072022-02-14 10:54:48.930root 11241100x80000000000000002047880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:48.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2dbb20fef30fc792022-02-14 10:54:48.930root 11241100x80000000000000002047881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:48.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bca49e15e5dc1942022-02-14 10:54:48.930root 11241100x80000000000000002047882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:48.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b44f6cb48a134582022-02-14 10:54:48.930root 11241100x80000000000000002047883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:48.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8a0d9a504802fa72022-02-14 10:54:48.930root 11241100x80000000000000002047884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:48.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd6aa00f1020ee5f2022-02-14 10:54:48.930root 11241100x80000000000000002047885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:48.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3772edc193b17a62022-02-14 10:54:48.931root 11241100x80000000000000002047886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:48.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1379f2c31dd021b2022-02-14 10:54:48.931root 11241100x80000000000000002047887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:48.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6296fb43b8b91062022-02-14 10:54:48.931root 11241100x80000000000000002047888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:48.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.900040f53967de342022-02-14 10:54:48.931root 11241100x80000000000000002047889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:48.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1344280b29e790eb2022-02-14 10:54:48.931root 11241100x80000000000000002047890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:48.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e93909efd7cf88ff2022-02-14 10:54:48.931root 11241100x80000000000000002047891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:48.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78969c104130b0a52022-02-14 10:54:48.931root 11241100x80000000000000002047892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:48.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5414565fb06014bc2022-02-14 10:54:48.931root 354300x80000000000000002047893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:49.078{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54642-false10.0.1.12-8000- 11241100x80000000000000002047894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:49.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.568707b59fa5b5812022-02-14 10:54:49.430root 11241100x80000000000000002047895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:49.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d28394ef758264a52022-02-14 10:54:49.430root 11241100x80000000000000002047896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:49.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eea026fc8eb58752022-02-14 10:54:49.430root 11241100x80000000000000002047897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:49.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b902faaae25c1f122022-02-14 10:54:49.430root 11241100x80000000000000002047898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:49.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5db93f946dfa34682022-02-14 10:54:49.430root 11241100x80000000000000002047899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:49.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89e9d10fc496af452022-02-14 10:54:49.431root 11241100x80000000000000002047900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:49.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4004dda7626f5262022-02-14 10:54:49.431root 11241100x80000000000000002047901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:49.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa816a3d995868af2022-02-14 10:54:49.431root 11241100x80000000000000002047902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:49.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5b879774d05441d2022-02-14 10:54:49.431root 11241100x80000000000000002047903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:49.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db02af2f300287bc2022-02-14 10:54:49.431root 11241100x80000000000000002047904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:49.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2e727fb39d8d70a2022-02-14 10:54:49.431root 11241100x80000000000000002047905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:49.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a7951219b2a423a2022-02-14 10:54:49.431root 11241100x80000000000000002047906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:49.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eb4792338abdac32022-02-14 10:54:49.431root 11241100x80000000000000002047907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:49.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9d14223ae242abf2022-02-14 10:54:49.431root 11241100x80000000000000002047908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:49.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e67afd8c8750f472022-02-14 10:54:49.431root 11241100x80000000000000002047909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:49.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5e82216690d8b772022-02-14 10:54:49.431root 11241100x80000000000000002047910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:49.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1a31767a3a5620f2022-02-14 10:54:49.431root 11241100x80000000000000002047911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:49.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e732ac474aacd34d2022-02-14 10:54:49.431root 11241100x80000000000000002047912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:49.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.744c4209af1831ad2022-02-14 10:54:49.431root 11241100x80000000000000002047913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:49.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c930469607769162022-02-14 10:54:49.431root 11241100x80000000000000002047914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:49.929{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f37244c84542ee122022-02-14 10:54:49.929root 11241100x80000000000000002047915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:49.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec4438ae2b8662b72022-02-14 10:54:49.930root 11241100x80000000000000002047916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:49.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f38a951c67e8a1832022-02-14 10:54:49.930root 11241100x80000000000000002047917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:49.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c9842de8f839dd52022-02-14 10:54:49.930root 11241100x80000000000000002047918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:49.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd4261e7b3d72e352022-02-14 10:54:49.930root 11241100x80000000000000002047919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:49.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.061dedf76a0a35d82022-02-14 10:54:49.930root 11241100x80000000000000002047920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:49.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6e36645b30775832022-02-14 10:54:49.931root 11241100x80000000000000002047921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:49.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c50ddf484726b962022-02-14 10:54:49.931root 11241100x80000000000000002047922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:49.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fe27cab7bc4e4192022-02-14 10:54:49.931root 11241100x80000000000000002047923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:49.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88c9f58eeb9957b32022-02-14 10:54:49.931root 11241100x80000000000000002047924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:49.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2a17460b42068132022-02-14 10:54:49.931root 11241100x80000000000000002047925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:49.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f493dfd967d05bbc2022-02-14 10:54:49.931root 11241100x80000000000000002047926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:49.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fc663d7e1326bd62022-02-14 10:54:49.931root 11241100x80000000000000002047927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:49.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea6f264df5f320562022-02-14 10:54:49.932root 11241100x80000000000000002047928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:49.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c27106a28f205f72022-02-14 10:54:49.932root 11241100x80000000000000002047929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:49.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df299755b5d3dec32022-02-14 10:54:49.932root 11241100x80000000000000002047930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:49.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.770d3d40bb9499e42022-02-14 10:54:49.932root 11241100x80000000000000002047931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:49.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4503913413d3a7f52022-02-14 10:54:49.932root 11241100x80000000000000002047932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:49.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b4af21115401b3f2022-02-14 10:54:49.932root 11241100x80000000000000002047933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:49.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30ae349ae1b9e6182022-02-14 10:54:49.933root 11241100x80000000000000002047934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:49.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06d15b25c1a1bd612022-02-14 10:54:49.933root 11241100x80000000000000002047935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:49.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a5edb1a9afbf4b22022-02-14 10:54:49.933root 11241100x80000000000000002047936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:50.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3cfb51f747fa1ba2022-02-14 10:54:50.430root 11241100x80000000000000002047937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:50.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e01e057a4ec915632022-02-14 10:54:50.430root 11241100x80000000000000002047938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:50.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fbd2053ac2d28282022-02-14 10:54:50.430root 11241100x80000000000000002047939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:50.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2495bdb78b8714062022-02-14 10:54:50.430root 11241100x80000000000000002047940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:50.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9ecfcf4f7dabbe02022-02-14 10:54:50.430root 11241100x80000000000000002047941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:50.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad1b06509c8964722022-02-14 10:54:50.431root 11241100x80000000000000002047942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:50.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06ed3ed6e9181de12022-02-14 10:54:50.431root 11241100x80000000000000002047943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:50.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db0d6103b8eac0c32022-02-14 10:54:50.431root 11241100x80000000000000002047944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:50.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77e13fa41b3139fa2022-02-14 10:54:50.431root 11241100x80000000000000002047945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:50.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cc843200a0915252022-02-14 10:54:50.431root 11241100x80000000000000002047946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:50.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.094654ad9b3e5ef32022-02-14 10:54:50.431root 11241100x80000000000000002047947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:50.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a84e7fd702cf64752022-02-14 10:54:50.431root 11241100x80000000000000002047948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:50.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93912c33b688ea702022-02-14 10:54:50.431root 11241100x80000000000000002047949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:50.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.110731f948fb69d22022-02-14 10:54:50.431root 11241100x80000000000000002047950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:50.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f718d0d491e60e692022-02-14 10:54:50.431root 11241100x80000000000000002047951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:50.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15522c5b02b6151e2022-02-14 10:54:50.431root 11241100x80000000000000002047952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:50.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d687af38acc8adf2022-02-14 10:54:50.431root 11241100x80000000000000002047953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:50.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bae8b48d4fe260422022-02-14 10:54:50.431root 11241100x80000000000000002047954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:50.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.358a18a38b8db5f22022-02-14 10:54:50.930root 11241100x80000000000000002047955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:50.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1821be4e042000552022-02-14 10:54:50.930root 11241100x80000000000000002047956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:50.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9859bb4abd6206d22022-02-14 10:54:50.930root 11241100x80000000000000002047957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:50.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c97b8e4141808b92022-02-14 10:54:50.930root 11241100x80000000000000002047958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:50.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d63329425acab91f2022-02-14 10:54:50.931root 11241100x80000000000000002047959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:50.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7617b589f629f8df2022-02-14 10:54:50.931root 11241100x80000000000000002047960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:50.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8b3a19fd73ad53b2022-02-14 10:54:50.931root 11241100x80000000000000002047961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:50.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eaaff7ad18854982022-02-14 10:54:50.931root 11241100x80000000000000002047962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:50.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.755a69de3fade4042022-02-14 10:54:50.931root 11241100x80000000000000002047963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:50.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25a3fca2a6c7642e2022-02-14 10:54:50.931root 11241100x80000000000000002047964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:50.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4853f6525bbf7172022-02-14 10:54:50.931root 11241100x80000000000000002047965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:50.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a69dc1545333e6f52022-02-14 10:54:50.931root 11241100x80000000000000002047966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:50.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd09fa91093630252022-02-14 10:54:50.931root 11241100x80000000000000002047967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:50.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f9d5399030b99dc2022-02-14 10:54:50.931root 11241100x80000000000000002047968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:50.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2b6f25ec57ce9f82022-02-14 10:54:50.931root 11241100x80000000000000002047969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:50.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fa73db2989fdf812022-02-14 10:54:50.931root 11241100x80000000000000002047970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:50.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dd2cdc6b4e3aae32022-02-14 10:54:50.931root 11241100x80000000000000002047971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:50.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee9d36a9c1c3f9392022-02-14 10:54:50.932root 11241100x80000000000000002047972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:51.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3f8676e9cd37d112022-02-14 10:54:51.430root 11241100x80000000000000002047973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:51.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9ce10ad661109cb2022-02-14 10:54:51.432root 11241100x80000000000000002047974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:51.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d21038a19c5fe7662022-02-14 10:54:51.432root 11241100x80000000000000002047975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:51.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f859d5c6473781232022-02-14 10:54:51.432root 11241100x80000000000000002047976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:51.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e9e34ccde7afbb32022-02-14 10:54:51.432root 11241100x80000000000000002047977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:51.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a83bf3706487143f2022-02-14 10:54:51.432root 11241100x80000000000000002047978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:51.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a42e87b5bb80be1a2022-02-14 10:54:51.432root 11241100x80000000000000002047979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:51.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ac7117175bc56742022-02-14 10:54:51.432root 11241100x80000000000000002047980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:51.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba3e53d74faf137a2022-02-14 10:54:51.432root 11241100x80000000000000002047981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:51.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5f1354e422de0b82022-02-14 10:54:51.432root 11241100x80000000000000002047982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:51.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.939091529bb312792022-02-14 10:54:51.433root 11241100x80000000000000002047983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:51.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6276ee8aaab293ae2022-02-14 10:54:51.433root 11241100x80000000000000002047984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:51.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abcf82b8a41138982022-02-14 10:54:51.433root 11241100x80000000000000002047985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:51.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89602b61bf74179c2022-02-14 10:54:51.433root 11241100x80000000000000002047986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:51.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54cad116b1f3791c2022-02-14 10:54:51.433root 11241100x80000000000000002047987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:51.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89f60c21898db5372022-02-14 10:54:51.433root 11241100x80000000000000002047988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:51.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.449910171145f0322022-02-14 10:54:51.434root 11241100x80000000000000002047989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:51.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cca839aa1af24092022-02-14 10:54:51.434root 11241100x80000000000000002047990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:51.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56240efa157080382022-02-14 10:54:51.930root 11241100x80000000000000002047991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:51.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e007ac354b615f8f2022-02-14 10:54:51.930root 11241100x80000000000000002047992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:51.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e6a019cc7e355a62022-02-14 10:54:51.930root 11241100x80000000000000002047993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:51.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd906b2bfb8350872022-02-14 10:54:51.930root 11241100x80000000000000002047994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:51.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f07a3a7de061ec1d2022-02-14 10:54:51.931root 11241100x80000000000000002047995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:51.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9af4cd8b15642a742022-02-14 10:54:51.931root 11241100x80000000000000002047996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:51.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23d95a4932d24f732022-02-14 10:54:51.931root 11241100x80000000000000002047997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:51.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ec6eaf9e98617072022-02-14 10:54:51.931root 11241100x80000000000000002047998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:51.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbc7850054f14a662022-02-14 10:54:51.931root 11241100x80000000000000002047999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:51.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7266b9a32050c8c2022-02-14 10:54:51.931root 11241100x80000000000000002048000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:51.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6881bcf02e311732022-02-14 10:54:51.931root 11241100x80000000000000002048001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:51.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce722820ce775eae2022-02-14 10:54:51.931root 11241100x80000000000000002048002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:51.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41b247a263c55eeb2022-02-14 10:54:51.931root 11241100x80000000000000002048003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:51.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bea28bcd5763d1f2022-02-14 10:54:51.931root 11241100x80000000000000002048004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:51.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91ee2fc05c34c37f2022-02-14 10:54:51.932root 11241100x80000000000000002048005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:51.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76776440bd695f652022-02-14 10:54:51.932root 11241100x80000000000000002048006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:51.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e436bc1bdee636562022-02-14 10:54:51.932root 11241100x80000000000000002048007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:51.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85ba40c24377162d2022-02-14 10:54:51.932root 11241100x80000000000000002048008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:52.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7755163f506be6ee2022-02-14 10:54:52.430root 11241100x80000000000000002048009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:52.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29aa5e898a52f5a62022-02-14 10:54:52.430root 11241100x80000000000000002048010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:52.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7527dfd11a1f1da32022-02-14 10:54:52.430root 11241100x80000000000000002048011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:52.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e259d4bdbe7a762b2022-02-14 10:54:52.430root 11241100x80000000000000002048012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:52.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d154cd526db386f62022-02-14 10:54:52.431root 11241100x80000000000000002048013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:52.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73033dd7b95c2f652022-02-14 10:54:52.431root 11241100x80000000000000002048014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:52.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c129e3a34aec57562022-02-14 10:54:52.431root 11241100x80000000000000002048015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:52.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6f1cd78c3410e092022-02-14 10:54:52.431root 11241100x80000000000000002048016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:52.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f98ce3d22a11e802022-02-14 10:54:52.431root 11241100x80000000000000002048017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:52.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fa7e0b505d8c9fb2022-02-14 10:54:52.431root 11241100x80000000000000002048018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:52.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74bfc5a42dd8c6592022-02-14 10:54:52.431root 11241100x80000000000000002048019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:52.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35cecc4de7d3725b2022-02-14 10:54:52.431root 11241100x80000000000000002048020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:52.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.498e778cdf2e2a512022-02-14 10:54:52.431root 11241100x80000000000000002048021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:52.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dc5c9026ab493ce2022-02-14 10:54:52.431root 11241100x80000000000000002048022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:52.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95d9a4a5b41088612022-02-14 10:54:52.431root 11241100x80000000000000002048023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:52.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c365766f4e63a50a2022-02-14 10:54:52.432root 11241100x80000000000000002048024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:52.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0280b6192f98ffd2022-02-14 10:54:52.432root 11241100x80000000000000002048025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:52.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f22275ae00269bc62022-02-14 10:54:52.432root 11241100x80000000000000002048026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:52.929{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5712617dc1c600bc2022-02-14 10:54:52.929root 11241100x80000000000000002048027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:52.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc6488836ff511d42022-02-14 10:54:52.930root 11241100x80000000000000002048028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:52.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b8fadc0888558d82022-02-14 10:54:52.930root 11241100x80000000000000002048029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:52.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47940048722231662022-02-14 10:54:52.930root 11241100x80000000000000002048030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:52.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b9900916bea39f02022-02-14 10:54:52.930root 11241100x80000000000000002048031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:52.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af1e64312811ba572022-02-14 10:54:52.930root 11241100x80000000000000002048032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:52.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f38013ee41400e132022-02-14 10:54:52.930root 11241100x80000000000000002048033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:52.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dab9f0f8a465b1272022-02-14 10:54:52.930root 11241100x80000000000000002048034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:52.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6082fd8fbca3d462022-02-14 10:54:52.931root 11241100x80000000000000002048035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:52.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59f354fa74672f562022-02-14 10:54:52.931root 11241100x80000000000000002048036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:52.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c280e583d64a9ec42022-02-14 10:54:52.931root 11241100x80000000000000002048037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:52.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdc80ef31e2510b42022-02-14 10:54:52.931root 11241100x80000000000000002048038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:52.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.157688b5d04ec1f42022-02-14 10:54:52.931root 11241100x80000000000000002048039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:52.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.520d12195cfa87af2022-02-14 10:54:52.931root 11241100x80000000000000002048040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:52.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c286ba2e1e39b54a2022-02-14 10:54:52.931root 11241100x80000000000000002048041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:52.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f47888ab3a4a04e2022-02-14 10:54:52.931root 11241100x80000000000000002048042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:52.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.048a071dd73a11972022-02-14 10:54:52.931root 11241100x80000000000000002048043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:52.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3452655f211439f2022-02-14 10:54:52.931root 11241100x80000000000000002048044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:52.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f44aac4b54f6febf2022-02-14 10:54:52.932root 11241100x80000000000000002048045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:52.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7109918530cac0502022-02-14 10:54:52.932root 11241100x80000000000000002048046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:52.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a1a264984a5ce482022-02-14 10:54:52.932root 11241100x80000000000000002048047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:52.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4af9014fc1405ec12022-02-14 10:54:52.932root 11241100x80000000000000002048048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:52.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b8440209cdf0f5c2022-02-14 10:54:52.932root 11241100x80000000000000002048049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:52.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb5b7eec450f3cae2022-02-14 10:54:52.932root 11241100x80000000000000002048050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:52.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73c2f0d8fe1a409f2022-02-14 10:54:52.932root 11241100x80000000000000002048051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:53.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1800683cf4c8abc32022-02-14 10:54:53.430root 11241100x80000000000000002048052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:53.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e89d28872918ef02022-02-14 10:54:53.430root 11241100x80000000000000002048053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:53.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65e93b7d2703e9f22022-02-14 10:54:53.430root 11241100x80000000000000002048054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:53.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c1625fcc18307622022-02-14 10:54:53.431root 11241100x80000000000000002048055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:53.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50576b22a7aad19e2022-02-14 10:54:53.431root 11241100x80000000000000002048056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:53.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebd853392e7841d62022-02-14 10:54:53.431root 11241100x80000000000000002048057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:53.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8806306dc1ab9372022-02-14 10:54:53.431root 11241100x80000000000000002048058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:53.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a53f4d011220af02022-02-14 10:54:53.431root 11241100x80000000000000002048059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:53.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8e5011a367f4b1e2022-02-14 10:54:53.431root 11241100x80000000000000002048060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:53.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9f3246fa29f753f2022-02-14 10:54:53.431root 11241100x80000000000000002048061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:53.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a912dd1d3fd809a42022-02-14 10:54:53.431root 11241100x80000000000000002048062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:53.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b3c95ed4d4b5f6f2022-02-14 10:54:53.431root 11241100x80000000000000002048063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:53.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6367b9f9efecb262022-02-14 10:54:53.431root 11241100x80000000000000002048064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:53.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.498fd8c0f26291ad2022-02-14 10:54:53.432root 11241100x80000000000000002048065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:53.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.248be65c03a119192022-02-14 10:54:53.432root 11241100x80000000000000002048066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:53.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75646c701daf65892022-02-14 10:54:53.432root 11241100x80000000000000002048067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:53.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.516fb9d1875466a62022-02-14 10:54:53.432root 11241100x80000000000000002048068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:53.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cac00c0a713486192022-02-14 10:54:53.432root 11241100x80000000000000002048069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:53.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b29b9cf8b9ad0cf2022-02-14 10:54:53.931root 11241100x80000000000000002048070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:53.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2d65d69b150a2052022-02-14 10:54:53.931root 11241100x80000000000000002048071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:53.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9134ebbeb2c0e0de2022-02-14 10:54:53.932root 11241100x80000000000000002048072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:53.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a900cd30fa3807c2022-02-14 10:54:53.932root 11241100x80000000000000002048073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:53.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f765016baa603a72022-02-14 10:54:53.932root 11241100x80000000000000002048074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:53.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81e853f94e7a17c62022-02-14 10:54:53.932root 11241100x80000000000000002048075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:53.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a0bd6f6220af0292022-02-14 10:54:53.932root 11241100x80000000000000002048076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:53.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59ffbef54d7028372022-02-14 10:54:53.932root 11241100x80000000000000002048077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:53.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccd35f0e460ca4862022-02-14 10:54:53.932root 11241100x80000000000000002048078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:53.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1841121b164dbf3b2022-02-14 10:54:53.932root 11241100x80000000000000002048079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:53.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64a36ce338fbfad82022-02-14 10:54:53.932root 11241100x80000000000000002048080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:53.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bb2bb56e2c125532022-02-14 10:54:53.932root 11241100x80000000000000002048081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:53.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffe9721a190ff6382022-02-14 10:54:53.932root 11241100x80000000000000002048082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:53.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58abdf20dcee3fac2022-02-14 10:54:53.932root 11241100x80000000000000002048083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:53.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8257d040d318ec492022-02-14 10:54:53.932root 11241100x80000000000000002048084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:53.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83349cfdba1bfdbd2022-02-14 10:54:53.932root 11241100x80000000000000002048085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:53.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02e483c1bdee9e442022-02-14 10:54:53.932root 11241100x80000000000000002048086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:53.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8da766fcb6d92a802022-02-14 10:54:53.933root 354300x80000000000000002048087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:54.175{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54644-false10.0.1.12-8000- 11241100x80000000000000002048088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:54.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2642bb247d32e5de2022-02-14 10:54:54.430root 11241100x80000000000000002048089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:54.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c22e21d8b21852fe2022-02-14 10:54:54.431root 11241100x80000000000000002048090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:54.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd41f0c000ad67d02022-02-14 10:54:54.431root 11241100x80000000000000002048091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:54.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a8a3bea7b90f9d42022-02-14 10:54:54.434root 11241100x80000000000000002048092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:54.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e639223209292c592022-02-14 10:54:54.434root 11241100x80000000000000002048093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:54.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c43fdd8d4c1d5a72022-02-14 10:54:54.434root 11241100x80000000000000002048094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:54.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f236811aabd946d2022-02-14 10:54:54.434root 11241100x80000000000000002048095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:54.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.855d9adcde12e54a2022-02-14 10:54:54.434root 11241100x80000000000000002048096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:54.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d11d9933e0470cb22022-02-14 10:54:54.434root 11241100x80000000000000002048097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:54.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faa37aabcdcaf12b2022-02-14 10:54:54.434root 11241100x80000000000000002048098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:54.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aec3a5272dd6c4de2022-02-14 10:54:54.434root 11241100x80000000000000002048099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:54.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e0fa8e730eb239c2022-02-14 10:54:54.434root 11241100x80000000000000002048100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:54.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2dcb0f3cc25842e2022-02-14 10:54:54.434root 11241100x80000000000000002048101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:54.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0acbb2843bc2c1812022-02-14 10:54:54.434root 11241100x80000000000000002048102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:54.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f70dc2dfe4db669c2022-02-14 10:54:54.434root 11241100x80000000000000002048103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:54.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47938ab769d5003d2022-02-14 10:54:54.434root 11241100x80000000000000002048104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:54.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26b5a00d732a24472022-02-14 10:54:54.434root 11241100x80000000000000002048105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:54.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d938d97e887c50a02022-02-14 10:54:54.434root 11241100x80000000000000002048106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:54.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eea22e49dabee1e2022-02-14 10:54:54.434root 11241100x80000000000000002048107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:54.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6a399e1ca22e5f32022-02-14 10:54:54.930root 11241100x80000000000000002048108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:54.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13501d19edcc3d1f2022-02-14 10:54:54.930root 11241100x80000000000000002048109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:54.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48684b46c025196e2022-02-14 10:54:54.930root 11241100x80000000000000002048110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:54.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efb78ba1490a88f52022-02-14 10:54:54.931root 11241100x80000000000000002048111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:54.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.585fb321b9953e0e2022-02-14 10:54:54.931root 11241100x80000000000000002048112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:54.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dd7aab4f8e5cdca2022-02-14 10:54:54.931root 11241100x80000000000000002048113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:54.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.215a1cbd1865fae92022-02-14 10:54:54.931root 11241100x80000000000000002048114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:54.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74e07b8b987bf12c2022-02-14 10:54:54.931root 11241100x80000000000000002048115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:54.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.426a849abc3438662022-02-14 10:54:54.931root 11241100x80000000000000002048116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:54.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.433b3a82a682cefe2022-02-14 10:54:54.931root 11241100x80000000000000002048117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:54.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0d7a9d51f119c742022-02-14 10:54:54.931root 11241100x80000000000000002048118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:54.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b9fd8c597dc521a2022-02-14 10:54:54.932root 11241100x80000000000000002048119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:54.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21aa075fe56d8d922022-02-14 10:54:54.932root 11241100x80000000000000002048120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:54.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f12fa33b664f6bf22022-02-14 10:54:54.932root 11241100x80000000000000002048121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:54.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b25c42703f044e042022-02-14 10:54:54.932root 11241100x80000000000000002048122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:54.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caa1c14df37cbf862022-02-14 10:54:54.932root 11241100x80000000000000002048123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:54.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cc442e367cac27c2022-02-14 10:54:54.932root 11241100x80000000000000002048124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:54.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93b6620dd7ce5a7a2022-02-14 10:54:54.932root 11241100x80000000000000002048125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:54.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c49c67cec8fc819d2022-02-14 10:54:54.932root 11241100x80000000000000002048126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:55.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b9fbc09ff0860552022-02-14 10:54:55.431root 11241100x80000000000000002048127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:55.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aec04dc216eb3972022-02-14 10:54:55.431root 11241100x80000000000000002048128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:55.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.196079fe045adb4c2022-02-14 10:54:55.431root 11241100x80000000000000002048129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:55.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5a046ce625525132022-02-14 10:54:55.431root 11241100x80000000000000002048130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:55.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25b8b5f798dea3fc2022-02-14 10:54:55.431root 11241100x80000000000000002048131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:55.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88cc6a735e845f1c2022-02-14 10:54:55.431root 11241100x80000000000000002048132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:55.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.099810ebbe9e9c9c2022-02-14 10:54:55.431root 11241100x80000000000000002048133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:55.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8baa8613b90db962022-02-14 10:54:55.431root 11241100x80000000000000002048134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:55.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef2a855b6321b5202022-02-14 10:54:55.431root 11241100x80000000000000002048135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:55.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ab8fa3750cb8d3f2022-02-14 10:54:55.432root 11241100x80000000000000002048136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:55.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2307725439fbb50b2022-02-14 10:54:55.432root 11241100x80000000000000002048137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:55.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9065a54eee07a45b2022-02-14 10:54:55.432root 11241100x80000000000000002048138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:55.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2941b6e912555e182022-02-14 10:54:55.432root 11241100x80000000000000002048139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:55.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ca2d9240adbbc3e2022-02-14 10:54:55.432root 11241100x80000000000000002048140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:55.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a09363c7962e153c2022-02-14 10:54:55.432root 11241100x80000000000000002048141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:55.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f097e441b8b9189f2022-02-14 10:54:55.432root 11241100x80000000000000002048142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:55.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.906bda3db87a4f112022-02-14 10:54:55.432root 11241100x80000000000000002048143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:55.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75ef08d6281f88b82022-02-14 10:54:55.433root 11241100x80000000000000002048144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:55.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc43632568926cd12022-02-14 10:54:55.433root 11241100x80000000000000002048145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:55.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e23217d5c7381202022-02-14 10:54:55.930root 11241100x80000000000000002048146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:55.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a19077fce658ffd02022-02-14 10:54:55.930root 11241100x80000000000000002048147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:55.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba7b0a05025aa2692022-02-14 10:54:55.931root 11241100x80000000000000002048148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:55.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d0c126f3c06ac682022-02-14 10:54:55.931root 11241100x80000000000000002048149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:55.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82de28b43ac55ded2022-02-14 10:54:55.931root 11241100x80000000000000002048150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:55.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df66633ecb241b732022-02-14 10:54:55.931root 11241100x80000000000000002048151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:55.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.397a3223d9f248c52022-02-14 10:54:55.931root 11241100x80000000000000002048152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:55.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5432ffd3ed9dbf4e2022-02-14 10:54:55.931root 11241100x80000000000000002048153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:55.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd676f1c694201c22022-02-14 10:54:55.931root 11241100x80000000000000002048154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:55.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a59871ac174a5da22022-02-14 10:54:55.931root 11241100x80000000000000002048155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:55.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92d5604ef58e27832022-02-14 10:54:55.931root 11241100x80000000000000002048156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:55.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.375c1955293fa59a2022-02-14 10:54:55.932root 11241100x80000000000000002048157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:55.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a606155d4cecd3342022-02-14 10:54:55.932root 11241100x80000000000000002048158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:55.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a7f4140bc4fc3e42022-02-14 10:54:55.932root 11241100x80000000000000002048159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:55.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f8af9f5454953f62022-02-14 10:54:55.932root 11241100x80000000000000002048160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:55.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00a09fef634506982022-02-14 10:54:55.932root 11241100x80000000000000002048161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:55.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12d497643ba6dad02022-02-14 10:54:55.932root 11241100x80000000000000002048162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:55.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ec90c103b5158192022-02-14 10:54:55.932root 11241100x80000000000000002048163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:55.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.501e85030e70217c2022-02-14 10:54:55.932root 11241100x80000000000000002048164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:56.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.237322f6158127782022-02-14 10:54:56.430root 11241100x80000000000000002048165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:56.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.918656e533c385a12022-02-14 10:54:56.430root 11241100x80000000000000002048166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:56.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f1f2dd1415824ab2022-02-14 10:54:56.431root 11241100x80000000000000002048167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:56.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5266abdc00d7c2ff2022-02-14 10:54:56.431root 11241100x80000000000000002048168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:56.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af09ffcec32242262022-02-14 10:54:56.431root 11241100x80000000000000002048169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:56.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19e43f8b2415fb612022-02-14 10:54:56.431root 11241100x80000000000000002048170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:56.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.988f744e089d756b2022-02-14 10:54:56.431root 11241100x80000000000000002048171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:56.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93cd883a999190e02022-02-14 10:54:56.431root 11241100x80000000000000002048172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:56.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43e5d14610e01b502022-02-14 10:54:56.431root 11241100x80000000000000002048173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:56.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f11497240da06652022-02-14 10:54:56.431root 11241100x80000000000000002048174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:56.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1de1637423ed36182022-02-14 10:54:56.431root 11241100x80000000000000002048175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:56.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea0a2f0254eeae132022-02-14 10:54:56.431root 11241100x80000000000000002048176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:56.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc1e9aee8039dcf02022-02-14 10:54:56.431root 11241100x80000000000000002048177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:56.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f623e1d13e45e3972022-02-14 10:54:56.431root 11241100x80000000000000002048178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:56.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64fd64b032391fe92022-02-14 10:54:56.431root 11241100x80000000000000002048179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:56.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1805e146260f03fa2022-02-14 10:54:56.431root 11241100x80000000000000002048180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:56.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcf38af60a9f8da02022-02-14 10:54:56.431root 11241100x80000000000000002048181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:56.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7116a84b55a53a872022-02-14 10:54:56.431root 11241100x80000000000000002048182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:56.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2565a1b03f978d52022-02-14 10:54:56.432root 11241100x80000000000000002048183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:56.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4976e54efaef846c2022-02-14 10:54:56.930root 11241100x80000000000000002048184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:56.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26644bcaeb8a7fdd2022-02-14 10:54:56.930root 11241100x80000000000000002048185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:56.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f82ed1cc0468983e2022-02-14 10:54:56.930root 11241100x80000000000000002048186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:56.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c669a8e6cb09c532022-02-14 10:54:56.931root 11241100x80000000000000002048187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:56.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da09a64f6c7350d32022-02-14 10:54:56.931root 11241100x80000000000000002048188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:56.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6397cefebace09e82022-02-14 10:54:56.931root 11241100x80000000000000002048189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:56.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf6ebc050510d9d32022-02-14 10:54:56.931root 11241100x80000000000000002048190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:56.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91cf0a96499479e22022-02-14 10:54:56.931root 11241100x80000000000000002048191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:56.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1e5ab03113aa4942022-02-14 10:54:56.931root 11241100x80000000000000002048192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:56.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dfe6be140c410cc2022-02-14 10:54:56.931root 11241100x80000000000000002048193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:56.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36bceed853c526862022-02-14 10:54:56.931root 11241100x80000000000000002048194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:56.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af8ad83848f7509b2022-02-14 10:54:56.931root 11241100x80000000000000002048195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:56.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68d566b6da60108d2022-02-14 10:54:56.931root 11241100x80000000000000002048196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:56.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa6e164d984a6c2c2022-02-14 10:54:56.931root 11241100x80000000000000002048197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:56.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edf016bd1fee305d2022-02-14 10:54:56.931root 11241100x80000000000000002048198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:56.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f96e9e3f09d55b3f2022-02-14 10:54:56.931root 11241100x80000000000000002048199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:56.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.165c420aa3cfa1172022-02-14 10:54:56.932root 11241100x80000000000000002048200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:56.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98a42a488ed636aa2022-02-14 10:54:56.932root 11241100x80000000000000002048201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:56.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52a2502a071f040b2022-02-14 10:54:56.932root 11241100x80000000000000002048202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:57.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69424ea2f2cea4792022-02-14 10:54:57.430root 11241100x80000000000000002048203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:57.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf4b391871b1ff2c2022-02-14 10:54:57.430root 11241100x80000000000000002048204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:57.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c3ad8e08e294e262022-02-14 10:54:57.430root 11241100x80000000000000002048205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:57.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.744b8a645eb5ad372022-02-14 10:54:57.431root 11241100x80000000000000002048206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:57.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2092626de5d44d8a2022-02-14 10:54:57.431root 11241100x80000000000000002048207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:57.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.783fdc0c0a4ca83d2022-02-14 10:54:57.431root 11241100x80000000000000002048208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:57.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25cc52a95712173c2022-02-14 10:54:57.431root 11241100x80000000000000002048209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:57.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e47bd5700cecc96b2022-02-14 10:54:57.431root 11241100x80000000000000002048210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:57.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ffa959f643548f12022-02-14 10:54:57.431root 11241100x80000000000000002048211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:57.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cc387fa3662fb092022-02-14 10:54:57.431root 11241100x80000000000000002048212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:57.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4be8106c69bdc6c2022-02-14 10:54:57.431root 11241100x80000000000000002048213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:57.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae85fc55521422232022-02-14 10:54:57.431root 11241100x80000000000000002048214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:57.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.828bc6ec39bef94a2022-02-14 10:54:57.431root 11241100x80000000000000002048215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:57.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4e9cd129c9ee3972022-02-14 10:54:57.431root 11241100x80000000000000002048216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:57.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bddcc3188d300c32022-02-14 10:54:57.432root 11241100x80000000000000002048217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:57.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf317fab31be43922022-02-14 10:54:57.432root 11241100x80000000000000002048218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:57.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4913157aa3917bd2022-02-14 10:54:57.432root 11241100x80000000000000002048219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:57.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.105f3e3d4579fb802022-02-14 10:54:57.432root 11241100x80000000000000002048220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:57.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4aabec7dfb132b62022-02-14 10:54:57.432root 11241100x80000000000000002048221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:57.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfa9fceabd20e02c2022-02-14 10:54:57.930root 11241100x80000000000000002048222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:57.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e47ac364de73318b2022-02-14 10:54:57.930root 11241100x80000000000000002048223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:57.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27aff4f27c8cbc022022-02-14 10:54:57.930root 11241100x80000000000000002048224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:57.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.452697b7ae0d1e722022-02-14 10:54:57.931root 11241100x80000000000000002048225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:57.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88c46aaa3b3295052022-02-14 10:54:57.931root 11241100x80000000000000002048226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:57.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60ec4ae5585a494b2022-02-14 10:54:57.931root 11241100x80000000000000002048227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:57.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea0ed1c3b72f5d9e2022-02-14 10:54:57.931root 11241100x80000000000000002048228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:57.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fde3d42df07b0862022-02-14 10:54:57.931root 11241100x80000000000000002048229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:57.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c0170cb82aa65412022-02-14 10:54:57.931root 11241100x80000000000000002048230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:57.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf9ac4423c91bf0c2022-02-14 10:54:57.932root 11241100x80000000000000002048231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:57.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf437538f5cdb62a2022-02-14 10:54:57.932root 11241100x80000000000000002048232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:57.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.617bcaad9f1e15fa2022-02-14 10:54:57.932root 11241100x80000000000000002048233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:57.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d782271b63994dc32022-02-14 10:54:57.932root 11241100x80000000000000002048234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:57.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ae019c6815fabdd2022-02-14 10:54:57.932root 11241100x80000000000000002048235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:57.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f09959905d7d03b2022-02-14 10:54:57.932root 11241100x80000000000000002048236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:57.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b127ccf1d02db78a2022-02-14 10:54:57.932root 11241100x80000000000000002048237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:57.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7df482cfde59f1d82022-02-14 10:54:57.933root 11241100x80000000000000002048238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:57.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.433995b03c01e0c92022-02-14 10:54:57.933root 11241100x80000000000000002048239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:57.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79059c9d93318ea02022-02-14 10:54:57.933root 11241100x80000000000000002048240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:58.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3292b8ef4822c6472022-02-14 10:54:58.430root 11241100x80000000000000002048241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:58.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95a6834f78f3c40a2022-02-14 10:54:58.430root 11241100x80000000000000002048242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:58.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaddab69cb7949772022-02-14 10:54:58.430root 11241100x80000000000000002048243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:58.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ed0f5d4d2e199e52022-02-14 10:54:58.430root 11241100x80000000000000002048244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:58.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c99be78cee07a442022-02-14 10:54:58.431root 11241100x80000000000000002048245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:58.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34bf5e3ad2cf12402022-02-14 10:54:58.431root 11241100x80000000000000002048246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:58.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c02bba944c1b26e2022-02-14 10:54:58.431root 11241100x80000000000000002048247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:58.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd5a7425942915062022-02-14 10:54:58.431root 11241100x80000000000000002048248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:58.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74d74d53dcb9fa1b2022-02-14 10:54:58.431root 11241100x80000000000000002048249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:58.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a1ecb2acb95ed4b2022-02-14 10:54:58.431root 11241100x80000000000000002048250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:58.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25f2bd9d4e62d1f82022-02-14 10:54:58.431root 11241100x80000000000000002048251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:58.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.171a07ebcee7fdc92022-02-14 10:54:58.431root 11241100x80000000000000002048252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:58.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a616398aa9b4bbf2022-02-14 10:54:58.432root 11241100x80000000000000002048253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:58.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.597f6ff1c069ef272022-02-14 10:54:58.432root 11241100x80000000000000002048254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:58.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9249ab7a37ca63702022-02-14 10:54:58.432root 11241100x80000000000000002048255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:58.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3da7fd455514568b2022-02-14 10:54:58.432root 11241100x80000000000000002048256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:58.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfb7d317305f7e932022-02-14 10:54:58.432root 11241100x80000000000000002048257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:58.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28dd2d38d74c13192022-02-14 10:54:58.432root 11241100x80000000000000002048258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:58.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3455869a10390e2c2022-02-14 10:54:58.432root 11241100x80000000000000002048259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:58.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.921338987c7e2f122022-02-14 10:54:58.930root 11241100x80000000000000002048260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:58.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.069ebceef01e7fd72022-02-14 10:54:58.931root 11241100x80000000000000002048261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:58.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84f4893100b237202022-02-14 10:54:58.931root 11241100x80000000000000002048262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:58.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a43f8b3dd4b95e82022-02-14 10:54:58.931root 11241100x80000000000000002048263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:58.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.044247d31a6de6532022-02-14 10:54:58.931root 11241100x80000000000000002048264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:58.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e78e79359c131a52022-02-14 10:54:58.931root 11241100x80000000000000002048265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:58.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b341d945a41af2ff2022-02-14 10:54:58.932root 11241100x80000000000000002048266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:58.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.418fb8e94cba5e352022-02-14 10:54:58.932root 11241100x80000000000000002048267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:58.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87b9da654665c6312022-02-14 10:54:58.932root 11241100x80000000000000002048268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:58.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7a648e053ec100f2022-02-14 10:54:58.932root 11241100x80000000000000002048269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:58.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5be7a5622a4908ef2022-02-14 10:54:58.932root 11241100x80000000000000002048270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:58.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67c2e10ab8c9b2442022-02-14 10:54:58.933root 11241100x80000000000000002048271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:58.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.820aabe9157c97b22022-02-14 10:54:58.933root 11241100x80000000000000002048272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:58.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5607169622e7cef62022-02-14 10:54:58.933root 11241100x80000000000000002048273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:58.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4755c20d30676d62022-02-14 10:54:58.933root 11241100x80000000000000002048274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:58.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef40bae69b05dce82022-02-14 10:54:58.933root 11241100x80000000000000002048275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:58.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f20af711f924a4582022-02-14 10:54:58.934root 11241100x80000000000000002048276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:58.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6227ae77600615ed2022-02-14 10:54:58.934root 11241100x80000000000000002048277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:58.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9060c7a0c9552512022-02-14 10:54:58.934root 11241100x80000000000000002048278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:59.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12fe475aa95e42f02022-02-14 10:54:59.430root 11241100x80000000000000002048279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:59.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84bc002dc95d01692022-02-14 10:54:59.431root 11241100x80000000000000002048280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:59.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad3e20369949428b2022-02-14 10:54:59.431root 11241100x80000000000000002048281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:59.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51e5b55a734ed5882022-02-14 10:54:59.431root 11241100x80000000000000002048282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:59.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.139eab40e1561aef2022-02-14 10:54:59.432root 11241100x80000000000000002048283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:59.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42c60e3fb8ffd4352022-02-14 10:54:59.432root 11241100x80000000000000002048284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:59.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb919067805ee2222022-02-14 10:54:59.432root 11241100x80000000000000002048285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:59.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a93cb2c2db1d540b2022-02-14 10:54:59.432root 11241100x80000000000000002048286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:59.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9ca2a26ca804ca72022-02-14 10:54:59.433root 11241100x80000000000000002048287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:59.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44e5a54fe6cd67d42022-02-14 10:54:59.433root 11241100x80000000000000002048288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:59.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2ddc4a5bb5f07242022-02-14 10:54:59.433root 11241100x80000000000000002048289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:59.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e034e3e4873f40a22022-02-14 10:54:59.433root 11241100x80000000000000002048290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:59.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95a67a3d828a1a402022-02-14 10:54:59.433root 11241100x80000000000000002048291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:59.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed36de90a2afc44b2022-02-14 10:54:59.433root 11241100x80000000000000002048292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:59.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c58fdd1f60f1c5182022-02-14 10:54:59.434root 11241100x80000000000000002048293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:59.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f03d0878a43680b2022-02-14 10:54:59.434root 11241100x80000000000000002048294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:59.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afaa974bbc9926702022-02-14 10:54:59.434root 11241100x80000000000000002048295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:59.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b60344bd0a7584a2022-02-14 10:54:59.434root 11241100x80000000000000002048296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:59.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db7a5e38c8dfeef32022-02-14 10:54:59.434root 11241100x80000000000000002048297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:59.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4a20ec50ed05e0d2022-02-14 10:54:59.930root 11241100x80000000000000002048298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:59.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6c35fca5fdca2832022-02-14 10:54:59.930root 11241100x80000000000000002048299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:59.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ea3590cd6a229cf2022-02-14 10:54:59.930root 11241100x80000000000000002048300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:59.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26c3d7c20e4af7e02022-02-14 10:54:59.930root 11241100x80000000000000002048301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:59.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ed76b21c11392cd2022-02-14 10:54:59.930root 11241100x80000000000000002048302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:59.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb63c674145f92b82022-02-14 10:54:59.930root 11241100x80000000000000002048303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:59.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34d37d3417541e5e2022-02-14 10:54:59.930root 11241100x80000000000000002048304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:59.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef7af98639a4a79e2022-02-14 10:54:59.930root 11241100x80000000000000002048305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:59.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c2dbf6388c13e8e2022-02-14 10:54:59.930root 11241100x80000000000000002048306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:59.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b2d199749d8a2722022-02-14 10:54:59.930root 11241100x80000000000000002048307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:59.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65d43077085a4c2f2022-02-14 10:54:59.930root 11241100x80000000000000002048308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:59.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3da5bad68dcf5b32022-02-14 10:54:59.930root 11241100x80000000000000002048309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:59.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63f3bb7667996d472022-02-14 10:54:59.933root 11241100x80000000000000002048310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:59.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.739dc1193757a4452022-02-14 10:54:59.933root 11241100x80000000000000002048311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:59.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bda9309d1dca64b92022-02-14 10:54:59.933root 11241100x80000000000000002048312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:59.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b415d12268dc95a2022-02-14 10:54:59.933root 11241100x80000000000000002048313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:59.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.275dc3ddeb597e402022-02-14 10:54:59.933root 11241100x80000000000000002048314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:59.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5941dce45a522a6c2022-02-14 10:54:59.933root 11241100x80000000000000002048315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:59.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19fd342bec6bd6542022-02-14 10:54:59.933root 11241100x80000000000000002048316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:59.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ac8576076d6f32c2022-02-14 10:54:59.933root 11241100x80000000000000002048317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:59.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae6abfd36d5a4bf62022-02-14 10:54:59.934root 11241100x80000000000000002048318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:59.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b8836e57533e9482022-02-14 10:54:59.934root 11241100x80000000000000002048319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:59.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4186a1fdd33f0212022-02-14 10:54:59.934root 11241100x80000000000000002048320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:59.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6306be4823ae9d202022-02-14 10:54:59.934root 11241100x80000000000000002048321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:59.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6e2faec33debe782022-02-14 10:54:59.934root 11241100x80000000000000002048322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:59.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc6e9d3c10db91ea2022-02-14 10:54:59.934root 11241100x80000000000000002048323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:59.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eefe71ae415ad0d2022-02-14 10:54:59.934root 11241100x80000000000000002048324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:59.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.707def068007aae42022-02-14 10:54:59.934root 11241100x80000000000000002048325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:59.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b904125cfe9056f2022-02-14 10:54:59.934root 11241100x80000000000000002048326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:59.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.036193646dee9b132022-02-14 10:54:59.935root 11241100x80000000000000002048327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:54:59.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.973193cddc65829d2022-02-14 10:54:59.935root 354300x80000000000000002048328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:00.106{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54646-false10.0.1.12-8000- 11241100x80000000000000002048329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:00.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a67b48fd15d058c72022-02-14 10:55:00.430root 11241100x80000000000000002048330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:00.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a50e7ca73ebd79142022-02-14 10:55:00.431root 11241100x80000000000000002048331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:00.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa3c07595092e08c2022-02-14 10:55:00.431root 11241100x80000000000000002048332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:00.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39f9a445af584c342022-02-14 10:55:00.431root 11241100x80000000000000002048333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:00.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8507cf8a63e9f57b2022-02-14 10:55:00.431root 11241100x80000000000000002048334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:00.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c5864fe3679fc882022-02-14 10:55:00.432root 11241100x80000000000000002048335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:00.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20015a5cfa6284122022-02-14 10:55:00.432root 11241100x80000000000000002048336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:00.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0713206b9ebba4a62022-02-14 10:55:00.432root 11241100x80000000000000002048337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:00.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b9c7ac292e1c1a92022-02-14 10:55:00.432root 11241100x80000000000000002048338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:00.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.465156971b3aa4312022-02-14 10:55:00.432root 11241100x80000000000000002048339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:00.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2567e97d60ba82ce2022-02-14 10:55:00.432root 11241100x80000000000000002048340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:00.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe94d2c6ba1a59f22022-02-14 10:55:00.432root 11241100x80000000000000002048341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:00.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.039076df3b31bce92022-02-14 10:55:00.432root 11241100x80000000000000002048342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:00.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfe2aad2e3a205092022-02-14 10:55:00.432root 11241100x80000000000000002048343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:00.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82ee838900e960a52022-02-14 10:55:00.433root 11241100x80000000000000002048344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:00.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d42069d8bef6a6b2022-02-14 10:55:00.433root 11241100x80000000000000002048345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:00.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00c5241db105d13f2022-02-14 10:55:00.433root 11241100x80000000000000002048346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:00.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0282b00b87c713702022-02-14 10:55:00.433root 11241100x80000000000000002048347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:00.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60073297ea25ae4d2022-02-14 10:55:00.433root 11241100x80000000000000002048348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:00.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e2108cfb3eeafa72022-02-14 10:55:00.434root 11241100x80000000000000002048349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:00.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.354c5bb3ea8aa3f22022-02-14 10:55:00.930root 11241100x80000000000000002048350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:00.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8f09fe9f36e04c62022-02-14 10:55:00.930root 11241100x80000000000000002048351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:00.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.019c3035894686a52022-02-14 10:55:00.931root 11241100x80000000000000002048352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:00.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e33a9198d1614802022-02-14 10:55:00.931root 11241100x80000000000000002048353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:00.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cec236040b970042022-02-14 10:55:00.931root 11241100x80000000000000002048354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:00.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d15ea75607f0d9a52022-02-14 10:55:00.931root 11241100x80000000000000002048355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:00.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4e795891a8d45fe2022-02-14 10:55:00.931root 11241100x80000000000000002048356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:00.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60167af34ea56aa62022-02-14 10:55:00.931root 11241100x80000000000000002048357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:00.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf89859208682e5b2022-02-14 10:55:00.931root 11241100x80000000000000002048358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:00.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1b06e575f68baa12022-02-14 10:55:00.931root 11241100x80000000000000002048359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:00.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.077066cfe3380cae2022-02-14 10:55:00.931root 11241100x80000000000000002048360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:00.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fcd75d70030d2982022-02-14 10:55:00.932root 11241100x80000000000000002048361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:00.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c618c20a72351d42022-02-14 10:55:00.932root 11241100x80000000000000002048362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:00.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfad4b9993aeef652022-02-14 10:55:00.932root 11241100x80000000000000002048363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:00.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a30955ae8a90cefb2022-02-14 10:55:00.932root 11241100x80000000000000002048364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:00.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6c192aafacd84ac2022-02-14 10:55:00.933root 11241100x80000000000000002048365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:00.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8527772144bc52782022-02-14 10:55:00.933root 11241100x80000000000000002048366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:00.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f51d205f05472c942022-02-14 10:55:00.933root 11241100x80000000000000002048367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:00.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c34b4d7dacdb84302022-02-14 10:55:00.933root 11241100x80000000000000002048368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:00.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e01ca732bc832232022-02-14 10:55:00.933root 11241100x80000000000000002048369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:01.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95b5946070b906182022-02-14 10:55:01.430root 11241100x80000000000000002048370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:01.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72dda447a8cf84822022-02-14 10:55:01.431root 11241100x80000000000000002048371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:01.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3d3e3c03109292d2022-02-14 10:55:01.431root 11241100x80000000000000002048372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:01.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a5fae11b5d817712022-02-14 10:55:01.431root 11241100x80000000000000002048373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:01.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cea5257b814faae2022-02-14 10:55:01.431root 11241100x80000000000000002048374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:01.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.869542df4e5d790c2022-02-14 10:55:01.431root 11241100x80000000000000002048375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:01.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ac774324fbebcb12022-02-14 10:55:01.431root 11241100x80000000000000002048376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:01.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a9638344abe9a722022-02-14 10:55:01.432root 11241100x80000000000000002048377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:01.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed137e083706615a2022-02-14 10:55:01.432root 11241100x80000000000000002048378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:01.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62937bf7277ca9df2022-02-14 10:55:01.432root 11241100x80000000000000002048379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:01.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d75a01e9c4783152022-02-14 10:55:01.432root 11241100x80000000000000002048380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:01.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20bf628addc066202022-02-14 10:55:01.433root 11241100x80000000000000002048381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:01.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e56871fff0e87a22022-02-14 10:55:01.433root 11241100x80000000000000002048382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:01.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c316867f357175ec2022-02-14 10:55:01.433root 11241100x80000000000000002048383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:01.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b10397076e689fca2022-02-14 10:55:01.433root 11241100x80000000000000002048384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:01.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c242e6fbdc8150892022-02-14 10:55:01.433root 11241100x80000000000000002048385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:01.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7200ae02ff8863fb2022-02-14 10:55:01.434root 11241100x80000000000000002048386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:01.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc7ea466ccfc927d2022-02-14 10:55:01.435root 11241100x80000000000000002048387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:01.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6d86cf19274a0b52022-02-14 10:55:01.435root 11241100x80000000000000002048388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:01.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f16ff63874935c462022-02-14 10:55:01.435root 11241100x80000000000000002048389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:01.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26e39c795c4e0eb62022-02-14 10:55:01.930root 11241100x80000000000000002048390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:01.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df3015a5afb4990d2022-02-14 10:55:01.930root 11241100x80000000000000002048391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:01.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1f455d1401ff2ae2022-02-14 10:55:01.930root 11241100x80000000000000002048392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:01.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c18d054e60988262022-02-14 10:55:01.931root 11241100x80000000000000002048393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:01.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.889dfd3993b1915b2022-02-14 10:55:01.931root 11241100x80000000000000002048394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:01.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffeee06577c514a12022-02-14 10:55:01.931root 11241100x80000000000000002048395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:01.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eb99253a767fb062022-02-14 10:55:01.931root 11241100x80000000000000002048396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:01.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8766fd56f97bd41e2022-02-14 10:55:01.931root 11241100x80000000000000002048397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:01.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.576acbd6ad4cb6992022-02-14 10:55:01.931root 11241100x80000000000000002048398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:01.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca64f014eb23fe4d2022-02-14 10:55:01.931root 11241100x80000000000000002048399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:01.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad860afe5ffaddf52022-02-14 10:55:01.931root 11241100x80000000000000002048400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:01.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cd895e7460275b22022-02-14 10:55:01.931root 11241100x80000000000000002048401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:01.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e283d607ace217752022-02-14 10:55:01.931root 11241100x80000000000000002048402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:01.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9740c0ea895c565a2022-02-14 10:55:01.932root 11241100x80000000000000002048403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:01.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b360e43aece71f002022-02-14 10:55:01.932root 11241100x80000000000000002048404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:01.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c5f2ef8f6030b2f2022-02-14 10:55:01.932root 11241100x80000000000000002048405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:01.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea74169741b522082022-02-14 10:55:01.932root 11241100x80000000000000002048406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:01.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07fc4780b190103a2022-02-14 10:55:01.932root 11241100x80000000000000002048407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:01.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.848f59e3d880671c2022-02-14 10:55:01.932root 11241100x80000000000000002048408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:01.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f00e636e0dced0ff2022-02-14 10:55:01.933root 11241100x80000000000000002048409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:02.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.163af6f58fe0d57b2022-02-14 10:55:02.430root 11241100x80000000000000002048410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:02.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecb423f5222840e12022-02-14 10:55:02.431root 11241100x80000000000000002048411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:02.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb7b0f52cf27299e2022-02-14 10:55:02.431root 11241100x80000000000000002048412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:02.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d08505e53d8fac32022-02-14 10:55:02.431root 11241100x80000000000000002048413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:02.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.856c22b581dd0fd82022-02-14 10:55:02.431root 11241100x80000000000000002048414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:02.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08429b3f8a8a31cd2022-02-14 10:55:02.431root 11241100x80000000000000002048415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:02.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1f30b69cfed60642022-02-14 10:55:02.431root 11241100x80000000000000002048416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:02.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35c5107f3228ea452022-02-14 10:55:02.431root 11241100x80000000000000002048417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:02.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df46728b6cb5457a2022-02-14 10:55:02.431root 11241100x80000000000000002048418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:02.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67214f207a4a6f762022-02-14 10:55:02.431root 11241100x80000000000000002048419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:02.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99a990d1ca1011422022-02-14 10:55:02.432root 11241100x80000000000000002048420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:02.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c0ef2d2f85606482022-02-14 10:55:02.432root 11241100x80000000000000002048421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:02.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b17ab986430bac402022-02-14 10:55:02.432root 11241100x80000000000000002048422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:02.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d85b5892b15f4ef2022-02-14 10:55:02.432root 11241100x80000000000000002048423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:02.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36084709d76c102b2022-02-14 10:55:02.432root 11241100x80000000000000002048424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:02.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37616e0f55a867322022-02-14 10:55:02.432root 11241100x80000000000000002048425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:02.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.027587aa33a174b52022-02-14 10:55:02.432root 11241100x80000000000000002048426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:02.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f753c978069c05252022-02-14 10:55:02.433root 11241100x80000000000000002048427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:02.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.826b35bc8a0722482022-02-14 10:55:02.434root 11241100x80000000000000002048428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:02.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a157768eacbbf802022-02-14 10:55:02.434root 11241100x80000000000000002048429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:02.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf72b2ef32a735bb2022-02-14 10:55:02.930root 11241100x80000000000000002048430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:02.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39721175706c35882022-02-14 10:55:02.931root 11241100x80000000000000002048431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:02.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.562d1c4f9660f58c2022-02-14 10:55:02.931root 11241100x80000000000000002048432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:02.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77ac23f933ea759f2022-02-14 10:55:02.931root 11241100x80000000000000002048433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:02.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7922f37b078fcc362022-02-14 10:55:02.931root 11241100x80000000000000002048434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:02.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.611fbd961c38e0792022-02-14 10:55:02.931root 11241100x80000000000000002048435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:02.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62d2e1cd5b09576b2022-02-14 10:55:02.931root 11241100x80000000000000002048436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:02.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.333430090cea52c12022-02-14 10:55:02.932root 11241100x80000000000000002048437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:02.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9d99979640a66772022-02-14 10:55:02.932root 11241100x80000000000000002048438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:02.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7190995f6a11e2ed2022-02-14 10:55:02.932root 11241100x80000000000000002048439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:02.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77dc45ddb35cb4722022-02-14 10:55:02.932root 11241100x80000000000000002048440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:02.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61dca0e9410226912022-02-14 10:55:02.932root 11241100x80000000000000002048441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:02.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.999d0e1f63b4b5ca2022-02-14 10:55:02.932root 11241100x80000000000000002048442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:02.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29ea0e3cfa0c6bf52022-02-14 10:55:02.932root 11241100x80000000000000002048443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:02.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b1d5cdd1b1921902022-02-14 10:55:02.932root 11241100x80000000000000002048444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:02.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92440ef7289f9f732022-02-14 10:55:02.932root 11241100x80000000000000002048445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:02.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1880f6a6006a12b22022-02-14 10:55:02.932root 11241100x80000000000000002048446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:02.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.accb60085eacd8042022-02-14 10:55:02.932root 11241100x80000000000000002048447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:02.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6e0c82852c80de92022-02-14 10:55:02.932root 11241100x80000000000000002048448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:02.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2080ebce6e42140e2022-02-14 10:55:02.933root 11241100x80000000000000002048449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:03.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf6a090d9735cfaa2022-02-14 10:55:03.430root 11241100x80000000000000002048450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:03.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4ca27bb6776c8392022-02-14 10:55:03.431root 11241100x80000000000000002048451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:03.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f4a6ca2ee70dddd2022-02-14 10:55:03.431root 11241100x80000000000000002048452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:03.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06d6b03d3ab31f412022-02-14 10:55:03.431root 11241100x80000000000000002048453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:03.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da3624768c52ec8b2022-02-14 10:55:03.431root 11241100x80000000000000002048454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:03.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f41e849d4eacafdd2022-02-14 10:55:03.431root 11241100x80000000000000002048455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:03.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.233feb23f81257fd2022-02-14 10:55:03.431root 11241100x80000000000000002048456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:03.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83b1aeb9b7f7075e2022-02-14 10:55:03.431root 11241100x80000000000000002048457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:03.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.518846d799cb8f772022-02-14 10:55:03.431root 11241100x80000000000000002048458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:03.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.871ba9431f88777e2022-02-14 10:55:03.431root 11241100x80000000000000002048459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:03.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0da040a6abb35a432022-02-14 10:55:03.431root 11241100x80000000000000002048460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:03.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67874aa4ded83b1e2022-02-14 10:55:03.432root 11241100x80000000000000002048461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:03.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fca98597ee8f9af52022-02-14 10:55:03.432root 11241100x80000000000000002048462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:03.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eba5b5bf6775b0dc2022-02-14 10:55:03.432root 11241100x80000000000000002048463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:03.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55a9b7c01405b03c2022-02-14 10:55:03.432root 11241100x80000000000000002048464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:03.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ff81f56238f3e532022-02-14 10:55:03.432root 11241100x80000000000000002048465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:03.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63dcdf4f3deb1cd82022-02-14 10:55:03.432root 11241100x80000000000000002048466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:03.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.301d7af6913fb2d42022-02-14 10:55:03.432root 11241100x80000000000000002048467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:03.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.460386a72f03d3902022-02-14 10:55:03.432root 11241100x80000000000000002048468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:03.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.146a4fb8a98bfcca2022-02-14 10:55:03.432root 11241100x80000000000000002048469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:03.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e11a88796c0028682022-02-14 10:55:03.930root 11241100x80000000000000002048470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:03.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28012df621d74de12022-02-14 10:55:03.930root 11241100x80000000000000002048471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:03.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37d5f80235127c432022-02-14 10:55:03.930root 11241100x80000000000000002048472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:03.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df02da7103e5a5322022-02-14 10:55:03.931root 11241100x80000000000000002048473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:03.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9d4d6d79f77e6db2022-02-14 10:55:03.931root 11241100x80000000000000002048474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:03.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dadc53913cef73e2022-02-14 10:55:03.931root 11241100x80000000000000002048496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:10.016{ec2ab09f-1002-620a-3078-922c7d550000}1328/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2022-02-14 10:55:10.016root 354300x80000000000000002048497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:10.251{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54650-false10.0.1.12-8000- 11241100x80000000000000002048498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:10.429{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2acb66150e49e0f2022-02-14 10:55:10.429root 11241100x80000000000000002048499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:10.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c71d8b717b95cdac2022-02-14 10:55:10.430root 11241100x80000000000000002048500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:10.929{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7a9ab433cd876f22022-02-14 10:55:10.929root 11241100x80000000000000002048501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:10.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4ceb92bdf4eee2b2022-02-14 10:55:10.930root 354300x80000000000000002048502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:11.077{ec2ab09f-1002-620a-3078-922c7d550000}1328/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.20-58140-false10.0.1.12-8089- 11241100x80000000000000002048503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:11.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af3fe5fc2dce5aa72022-02-14 10:55:11.430root 11241100x80000000000000002048504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:11.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfaa36c44b67298b2022-02-14 10:55:11.430root 11241100x80000000000000002048505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:11.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49cc99e6fc1aea1b2022-02-14 10:55:11.430root 11241100x80000000000000002048506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:11.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbb43fb34f972d4c2022-02-14 10:55:11.930root 11241100x80000000000000002048507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:11.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ae30b27be6708b42022-02-14 10:55:11.930root 11241100x80000000000000002048508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:11.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2b54c678c6fbd952022-02-14 10:55:11.930root 11241100x80000000000000002048509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:12.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef656472521bbf862022-02-14 10:55:12.430root 11241100x80000000000000002048510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:12.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.409f51c4c0dbd1862022-02-14 10:55:12.430root 11241100x80000000000000002048511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:12.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10704f38e1599fc82022-02-14 10:55:12.430root 11241100x80000000000000002048512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:12.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e146c1e04bc56462022-02-14 10:55:12.930root 11241100x80000000000000002048513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:12.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cedac254db013bee2022-02-14 10:55:12.930root 11241100x80000000000000002048514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:12.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2232fe481e448c302022-02-14 10:55:12.930root 23542300x80000000000000002048515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:13.017{ec2ab09f-1002-620a-3078-922c7d550000}1328root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x80000000000000002048516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:13.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c5df63e5d6cfb302022-02-14 10:55:13.430root 11241100x80000000000000002048517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:13.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a615b9ae9dda25302022-02-14 10:55:13.430root 11241100x80000000000000002048518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:13.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adf2d5e4ef461c8c2022-02-14 10:55:13.430root 11241100x80000000000000002048519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:13.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10887c02fedcf43c2022-02-14 10:55:13.430root 11241100x80000000000000002048520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:13.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.482e9332e510b88c2022-02-14 10:55:13.930root 11241100x80000000000000002048521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:13.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc3b555c169a50442022-02-14 10:55:13.930root 11241100x80000000000000002048522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:13.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.446fd1ba3e0b65ec2022-02-14 10:55:13.930root 11241100x80000000000000002048523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:13.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d43bd7d8a4a9f942022-02-14 10:55:13.930root 11241100x80000000000000002048524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:14.429{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdcd5c3a6b1cc6eb2022-02-14 10:55:14.429root 11241100x80000000000000002048525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:14.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bf04cd23e58b2332022-02-14 10:55:14.430root 11241100x80000000000000002048526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:14.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6c873163f7e66682022-02-14 10:55:14.430root 11241100x80000000000000002048527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:14.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2078c8a13fdca8852022-02-14 10:55:14.430root 11241100x80000000000000002048528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:14.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e24698cfd0fb63f2022-02-14 10:55:14.930root 11241100x80000000000000002048529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:14.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.668ec0a69161a3232022-02-14 10:55:14.930root 11241100x80000000000000002048530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:14.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36f607b8c3b50b3c2022-02-14 10:55:14.930root 11241100x80000000000000002048531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:14.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c292c5389b194392022-02-14 10:55:14.930root 11241100x80000000000000002048532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:15.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24ca1beb28a8a5af2022-02-14 10:55:15.430root 11241100x80000000000000002048533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:15.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e4ca31aa12fa4bb2022-02-14 10:55:15.430root 11241100x80000000000000002048534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:15.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.239200fcfc20fe652022-02-14 10:55:15.430root 11241100x80000000000000002048535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:15.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3298ae7ce7e8f0d22022-02-14 10:55:15.430root 11241100x80000000000000002048536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:15.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55e81ee7573c3f622022-02-14 10:55:15.930root 11241100x80000000000000002048537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:15.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4a5189dddd14fec2022-02-14 10:55:15.930root 11241100x80000000000000002048538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:15.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cc36255d8fbe4c22022-02-14 10:55:15.930root 11241100x80000000000000002048539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:15.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c002e0e6908b0312022-02-14 10:55:15.930root 354300x80000000000000002048540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:16.168{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54654-false10.0.1.12-8000- 11241100x80000000000000002048541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:16.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8372801fafe82b902022-02-14 10:55:16.430root 11241100x80000000000000002048542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:16.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f60adb2835bba992022-02-14 10:55:16.430root 11241100x80000000000000002048543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:16.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca83a7792cff57b32022-02-14 10:55:16.430root 11241100x80000000000000002048544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:16.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.247c7516cb44ce3a2022-02-14 10:55:16.430root 11241100x80000000000000002048545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:16.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a6ed3d9bed88a6b2022-02-14 10:55:16.430root 11241100x80000000000000002048546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:16.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1f9a49317ddf0ab2022-02-14 10:55:16.930root 11241100x80000000000000002048547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:16.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1426c463991cb1f2022-02-14 10:55:16.930root 11241100x80000000000000002048548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:16.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.807f5abce7a0d3ac2022-02-14 10:55:16.930root 11241100x80000000000000002048549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:16.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f58a5ec584903d92022-02-14 10:55:16.930root 11241100x80000000000000002048550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:16.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c78c9644a65f05b82022-02-14 10:55:16.930root 11241100x80000000000000002048551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:17.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8993330cc20755c62022-02-14 10:55:17.430root 11241100x80000000000000002048552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:17.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e0b95201d7c26e92022-02-14 10:55:17.430root 11241100x80000000000000002048553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:17.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b1f19085c338a9b2022-02-14 10:55:17.430root 11241100x80000000000000002048554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:17.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4e51f8ababa073d2022-02-14 10:55:17.430root 11241100x80000000000000002048555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:17.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1a2b85fb442d4d72022-02-14 10:55:17.430root 11241100x80000000000000002048556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:17.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1878476d26c494a2022-02-14 10:55:17.930root 11241100x80000000000000002048557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:17.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d089d8488889597f2022-02-14 10:55:17.930root 11241100x80000000000000002048558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:17.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f71dcce67b96ce722022-02-14 10:55:17.930root 11241100x80000000000000002048559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:17.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bb3e18bac3a78dc2022-02-14 10:55:17.930root 11241100x80000000000000002048560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:17.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8751775829ec8832022-02-14 10:55:17.930root 11241100x80000000000000002048561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:18.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.306ade5768414ea12022-02-14 10:55:18.430root 11241100x80000000000000002048562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:18.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5e92e64cd3f27d82022-02-14 10:55:18.430root 11241100x80000000000000002048563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:18.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.076f155bf4ee79f22022-02-14 10:55:18.430root 11241100x80000000000000002048564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:18.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6cc8ac0ef220f282022-02-14 10:55:18.430root 11241100x80000000000000002048565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:18.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c02f94d4e38578692022-02-14 10:55:18.430root 11241100x80000000000000002048566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:18.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec0a823d78d69e4a2022-02-14 10:55:18.930root 11241100x80000000000000002048567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:18.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22d6761e7b10f4762022-02-14 10:55:18.930root 11241100x80000000000000002048568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:18.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbe13d0828e712682022-02-14 10:55:18.930root 11241100x80000000000000002048569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:18.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eb69128c31cd77e2022-02-14 10:55:18.930root 11241100x80000000000000002048570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:18.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0322b4d330a3535a2022-02-14 10:55:18.930root 11241100x80000000000000002048571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:19.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92f1c5e796ea1e9c2022-02-14 10:55:19.430root 11241100x80000000000000002048572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:19.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0056f2893a8137e22022-02-14 10:55:19.430root 11241100x80000000000000002048573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:19.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cea10c48feb1df832022-02-14 10:55:19.430root 11241100x80000000000000002048574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:19.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6371faf2cdd16fcc2022-02-14 10:55:19.430root 11241100x80000000000000002048575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:19.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.928fd50bf69d2b922022-02-14 10:55:19.430root 11241100x80000000000000002048576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:19.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.636019cf65fc03c82022-02-14 10:55:19.930root 11241100x80000000000000002048577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:19.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.938b456c1a5a8b412022-02-14 10:55:19.930root 11241100x80000000000000002048578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:19.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36d34ca6cf7c09502022-02-14 10:55:19.930root 11241100x80000000000000002048579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:19.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.399a509ad160b7062022-02-14 10:55:19.930root 11241100x80000000000000002048580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:19.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0306551932b57ee2022-02-14 10:55:19.930root 11241100x80000000000000002048581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:20.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8e05a7b87eb65642022-02-14 10:55:20.430root 11241100x80000000000000002048582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:20.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89c8ad5b6e72ba3d2022-02-14 10:55:20.430root 11241100x80000000000000002048583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:20.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ff38b92be6492bb2022-02-14 10:55:20.430root 11241100x80000000000000002048584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:20.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c22b01b999666c12022-02-14 10:55:20.430root 11241100x80000000000000002048585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:20.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cee2dfb07bb6b6cb2022-02-14 10:55:20.430root 11241100x80000000000000002048586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:20.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63819c8382197dda2022-02-14 10:55:20.930root 11241100x80000000000000002048587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:20.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1087cf785b83ea682022-02-14 10:55:20.930root 11241100x80000000000000002048588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:20.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dee1c5ceaa7e4b22022-02-14 10:55:20.930root 11241100x80000000000000002048589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:20.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fd19019fdda3c0a2022-02-14 10:55:20.930root 11241100x80000000000000002048590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:20.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f2f4a9c0d5b055c2022-02-14 10:55:20.930root 11241100x80000000000000002048591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:21.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.964c083f84007dc72022-02-14 10:55:21.430root 11241100x80000000000000002048592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:21.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc52334a4cf5655e2022-02-14 10:55:21.432root 11241100x80000000000000002048593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:21.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e6a71fd0392933b2022-02-14 10:55:21.432root 11241100x80000000000000002048594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:21.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57fefe9440db90de2022-02-14 10:55:21.432root 11241100x80000000000000002048595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:21.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb89ce2dd9985da72022-02-14 10:55:21.432root 11241100x80000000000000002048596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:21.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.230d4793b588f4402022-02-14 10:55:21.930root 11241100x80000000000000002048597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:21.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa35750469a631db2022-02-14 10:55:21.930root 11241100x80000000000000002048598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:21.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7767b66afdf772932022-02-14 10:55:21.930root 11241100x80000000000000002048599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:21.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a20af897e5196452022-02-14 10:55:21.930root 11241100x80000000000000002048600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:21.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0537c81b08bf4bbd2022-02-14 10:55:21.930root 354300x80000000000000002048601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:22.093{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54656-false10.0.1.12-8000- 11241100x80000000000000002048602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:22.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c1387f50c5506dc2022-02-14 10:55:22.430root 11241100x80000000000000002048603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:22.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bd9ba205776d4fd2022-02-14 10:55:22.430root 11241100x80000000000000002048604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:22.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ec29ee52990ae912022-02-14 10:55:22.430root 11241100x80000000000000002048605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:22.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a4a9f78dd1edb0f2022-02-14 10:55:22.430root 11241100x80000000000000002048606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:22.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbdba653706320512022-02-14 10:55:22.430root 11241100x80000000000000002048607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:22.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8e479f277b47b772022-02-14 10:55:22.430root 11241100x80000000000000002048608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:22.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e472a22ff67739f02022-02-14 10:55:22.930root 11241100x80000000000000002048609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:22.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.867afd9cd820197f2022-02-14 10:55:22.930root 11241100x80000000000000002048610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:22.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42cef831d9bf05692022-02-14 10:55:22.930root 11241100x80000000000000002048611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:22.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eceb55e2d9ff1db2022-02-14 10:55:22.930root 11241100x80000000000000002048612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:22.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d879bd50977658d02022-02-14 10:55:22.930root 11241100x80000000000000002048613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:22.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c8f13f487c398732022-02-14 10:55:22.930root 11241100x80000000000000002048614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:23.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02c5e0498ff1534e2022-02-14 10:55:23.430root 11241100x80000000000000002048615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:23.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87a819da8934aa6c2022-02-14 10:55:23.430root 11241100x80000000000000002048616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:23.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3d7a6b8f60032532022-02-14 10:55:23.430root 11241100x80000000000000002048617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:23.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e73a48fa0ff8c0e2022-02-14 10:55:23.430root 11241100x80000000000000002048618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:23.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66998b53a1e0926a2022-02-14 10:55:23.430root 11241100x80000000000000002048619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:23.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83754dff80537b5b2022-02-14 10:55:23.430root 11241100x80000000000000002048620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:23.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2ea8ff883e24f372022-02-14 10:55:23.930root 11241100x80000000000000002048621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:23.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b1cbb5fadb38f5c2022-02-14 10:55:23.930root 11241100x80000000000000002048622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:23.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a486f929f7a7d8512022-02-14 10:55:23.930root 11241100x80000000000000002048623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:23.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94ec3f5a0edf04e82022-02-14 10:55:23.930root 11241100x80000000000000002048624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:23.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efba4123dd4abada2022-02-14 10:55:23.930root 11241100x80000000000000002048625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:23.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5410eaa24caf3e22022-02-14 10:55:23.930root 11241100x80000000000000002048626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:24.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.732d870e97e08b402022-02-14 10:55:24.430root 11241100x80000000000000002048627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:24.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36cd7aef06d2300e2022-02-14 10:55:24.430root 11241100x80000000000000002048628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:24.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.591b11d3f832651f2022-02-14 10:55:24.430root 11241100x80000000000000002048629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:24.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87b6b5642eda1bdc2022-02-14 10:55:24.430root 11241100x80000000000000002048630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:24.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df0f13aad0d7a8c32022-02-14 10:55:24.430root 11241100x80000000000000002048631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:24.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66975f92587155422022-02-14 10:55:24.430root 11241100x80000000000000002048632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:24.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f481cf5e7e59e4f92022-02-14 10:55:24.930root 11241100x80000000000000002048633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:24.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c00dd52eaac9e2bd2022-02-14 10:55:24.930root 11241100x80000000000000002048634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:24.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b24d69d6b26d87c32022-02-14 10:55:24.930root 11241100x80000000000000002048635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:24.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35ea9ba9eb20557a2022-02-14 10:55:24.930root 11241100x80000000000000002048636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:24.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.752145b01d7a76e82022-02-14 10:55:24.930root 11241100x80000000000000002048637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:24.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00ec091cc8e278e42022-02-14 10:55:24.930root 11241100x80000000000000002048638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:25.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d67bf0a355a740c12022-02-14 10:55:25.430root 11241100x80000000000000002048639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:25.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8548d0f5e8f3b3c2022-02-14 10:55:25.430root 11241100x80000000000000002048640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:25.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9f039ff277d1ea42022-02-14 10:55:25.430root 11241100x80000000000000002048641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:25.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a99d09e1b1fe58c2022-02-14 10:55:25.430root 11241100x80000000000000002048642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:25.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87ad4b4109e883ba2022-02-14 10:55:25.430root 11241100x80000000000000002048643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:25.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26653a07d1f93abb2022-02-14 10:55:25.430root 11241100x80000000000000002048644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:25.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6220a61cf1e1e51e2022-02-14 10:55:25.930root 11241100x80000000000000002048645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:25.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.713c08064432e0ee2022-02-14 10:55:25.930root 11241100x80000000000000002048646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:25.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95fb83f95ab1b56a2022-02-14 10:55:25.930root 11241100x80000000000000002048647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:25.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13d25ec9d1ae87fd2022-02-14 10:55:25.930root 11241100x80000000000000002048648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:25.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2efcb7f7624eebe2022-02-14 10:55:25.930root 11241100x80000000000000002048649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:25.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.838f1dbfcbf9d2c62022-02-14 10:55:25.930root 11241100x80000000000000002048650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:26.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.768ff460f6e6e04d2022-02-14 10:55:26.430root 11241100x80000000000000002048651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:26.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2554a7f696279012022-02-14 10:55:26.430root 11241100x80000000000000002048652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:26.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c873bd719ad8b3ae2022-02-14 10:55:26.430root 11241100x80000000000000002048653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:26.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8f2218580f4159b2022-02-14 10:55:26.430root 11241100x80000000000000002048654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:26.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ced2720c290e25462022-02-14 10:55:26.430root 11241100x80000000000000002048655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:26.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fcebfbcd1f4e0532022-02-14 10:55:26.430root 11241100x80000000000000002048656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:26.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.711cf2568d3562b72022-02-14 10:55:26.930root 11241100x80000000000000002048657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:26.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b8f87c0b5fc43f02022-02-14 10:55:26.930root 11241100x80000000000000002048658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:26.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f5812c27bf0c9ac2022-02-14 10:55:26.930root 11241100x80000000000000002048659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:26.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0a3e06fec9d4de02022-02-14 10:55:26.930root 11241100x80000000000000002048660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:26.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.475a264612ec979c2022-02-14 10:55:26.930root 11241100x80000000000000002048661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:26.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4df9ac8e0f3456a62022-02-14 10:55:26.930root 11241100x80000000000000002048662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:27.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7378607f1aeb4f5c2022-02-14 10:55:27.430root 11241100x80000000000000002048663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:27.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41980b9ff87150d12022-02-14 10:55:27.430root 11241100x80000000000000002048664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:27.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6378a30fc933af202022-02-14 10:55:27.430root 11241100x80000000000000002048665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:27.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5f8e2a18ce106662022-02-14 10:55:27.430root 11241100x80000000000000002048666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:27.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d2a3fb4a27862162022-02-14 10:55:27.430root 11241100x80000000000000002048667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:27.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb60c53bb07f489e2022-02-14 10:55:27.430root 11241100x80000000000000002048668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:27.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21ae05daffa827862022-02-14 10:55:27.930root 11241100x80000000000000002048669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:27.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb0e3d89b01209262022-02-14 10:55:27.930root 11241100x80000000000000002048670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:27.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41abfbe5a34e46212022-02-14 10:55:27.930root 11241100x80000000000000002048671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:27.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38c2a898021685702022-02-14 10:55:27.930root 11241100x80000000000000002048672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:27.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c380471589dd427f2022-02-14 10:55:27.930root 11241100x80000000000000002048673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:27.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.995949e1b2a789962022-02-14 10:55:27.930root 354300x80000000000000002048674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:28.061{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54658-false10.0.1.12-8000- 11241100x80000000000000002048675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:28.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38d4a514369aa4e72022-02-14 10:55:28.430root 11241100x80000000000000002048676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:28.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f75d5a4c665fb5a82022-02-14 10:55:28.430root 11241100x80000000000000002048677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:28.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8189f95e2de7c39f2022-02-14 10:55:28.430root 11241100x80000000000000002048678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:28.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c26c4f459cda40a92022-02-14 10:55:28.430root 11241100x80000000000000002048679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:28.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.884ce641c7366aa82022-02-14 10:55:28.430root 11241100x80000000000000002048680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:28.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f15727ecc2b22d3f2022-02-14 10:55:28.430root 11241100x80000000000000002048681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:28.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9762dfb1ffbb4a772022-02-14 10:55:28.430root 11241100x80000000000000002048682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:28.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.506e616fc01b05b52022-02-14 10:55:28.930root 11241100x80000000000000002048683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:28.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fe690a221d2e6c02022-02-14 10:55:28.930root 11241100x80000000000000002048684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:28.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c62f747cc4674aa2022-02-14 10:55:28.930root 11241100x80000000000000002048685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:28.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.655ba97765da91c32022-02-14 10:55:28.930root 11241100x80000000000000002048686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:28.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.217c7470563e28d12022-02-14 10:55:28.930root 11241100x80000000000000002048687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:28.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0255f02e022384152022-02-14 10:55:28.930root 11241100x80000000000000002048688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:28.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.729ed1f7eb5de0e32022-02-14 10:55:28.930root 11241100x80000000000000002048689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:29.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a42e2af4d3f31602022-02-14 10:55:29.430root 11241100x80000000000000002048690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:29.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.540e06d285e485b92022-02-14 10:55:29.430root 11241100x80000000000000002048691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:29.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab8a358d00f16bcd2022-02-14 10:55:29.430root 11241100x80000000000000002048692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:29.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca0c8e9d19aba38f2022-02-14 10:55:29.430root 11241100x80000000000000002048693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:29.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56518fac6faf3e4c2022-02-14 10:55:29.430root 11241100x80000000000000002048694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:29.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07012e57d35ddbc42022-02-14 10:55:29.430root 11241100x80000000000000002048695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:29.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2c0c0be64c812312022-02-14 10:55:29.431root 11241100x80000000000000002048696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:29.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fc13f96646651a52022-02-14 10:55:29.930root 11241100x80000000000000002048697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:29.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b924b310ec27bed2022-02-14 10:55:29.930root 11241100x80000000000000002048698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:29.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.776178d71b05e0fd2022-02-14 10:55:29.930root 11241100x80000000000000002048699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:29.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a9e6bde4e349c092022-02-14 10:55:29.930root 11241100x80000000000000002048700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:29.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20c8361e950224562022-02-14 10:55:29.930root 11241100x80000000000000002048701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:29.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.016fdeb76d43e79c2022-02-14 10:55:29.930root 11241100x80000000000000002048702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:29.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d156aa816a5699af2022-02-14 10:55:29.930root 11241100x80000000000000002048703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:30.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bff2514ec86820422022-02-14 10:55:30.430root 11241100x80000000000000002048704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:30.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01183cc1f4bb19d42022-02-14 10:55:30.430root 11241100x80000000000000002048705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:30.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e39d51f0aab79ea2022-02-14 10:55:30.430root 11241100x80000000000000002048706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:30.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c66945555df8e88d2022-02-14 10:55:30.430root 11241100x80000000000000002048707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:30.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32bf579f7228d7442022-02-14 10:55:30.430root 11241100x80000000000000002048708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:30.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.120834c2ea5a327c2022-02-14 10:55:30.430root 11241100x80000000000000002048709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:30.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.868f5387f9a9d10a2022-02-14 10:55:30.430root 11241100x80000000000000002048710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:30.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8c329c71d8298232022-02-14 10:55:30.930root 11241100x80000000000000002048711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:30.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2091197089fa4d9e2022-02-14 10:55:30.930root 11241100x80000000000000002048712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:30.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dfa9f02c478439c2022-02-14 10:55:30.930root 11241100x80000000000000002048713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:30.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bb97bdb6f7e1cf02022-02-14 10:55:30.930root 11241100x80000000000000002048714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:30.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7846b0bd03b2f51c2022-02-14 10:55:30.930root 11241100x80000000000000002048715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:30.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43f4f1b4cb2955872022-02-14 10:55:30.930root 11241100x80000000000000002048716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:30.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e977e195f5855442022-02-14 10:55:30.930root 11241100x80000000000000002048717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:31.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a078eb7009ff3ed82022-02-14 10:55:31.430root 11241100x80000000000000002048718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:31.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fb2d99a3664732c2022-02-14 10:55:31.430root 11241100x80000000000000002048719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:31.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc5e1aac08c1f2092022-02-14 10:55:31.430root 11241100x80000000000000002048720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:31.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f80b41281de102d32022-02-14 10:55:31.430root 11241100x80000000000000002048721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:31.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed19d187c5bf71a92022-02-14 10:55:31.430root 11241100x80000000000000002048722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:31.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ddad1c2fda854df2022-02-14 10:55:31.430root 11241100x80000000000000002048723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:31.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e3a0b9aa279d46c2022-02-14 10:55:31.430root 11241100x80000000000000002048724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:31.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1d39ef37754368c2022-02-14 10:55:31.930root 11241100x80000000000000002048725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:31.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15dbf7b2d2f741622022-02-14 10:55:31.930root 11241100x80000000000000002048726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:31.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1440258194f21f722022-02-14 10:55:31.930root 11241100x80000000000000002048727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:31.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80d1965e0789c7132022-02-14 10:55:31.930root 11241100x80000000000000002048728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:31.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dab85d57c9904822022-02-14 10:55:31.930root 11241100x80000000000000002048729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:31.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d198f559582a0822022-02-14 10:55:31.930root 11241100x80000000000000002048730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:31.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37d7378b8fd39c4e2022-02-14 10:55:31.931root 11241100x80000000000000002048731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:32.429{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c803b2a74331f69f2022-02-14 10:55:32.429root 11241100x80000000000000002048732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:32.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2528f89df115e0432022-02-14 10:55:32.430root 11241100x80000000000000002048733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:32.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b5f032a0b5c91632022-02-14 10:55:32.430root 11241100x80000000000000002048734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:32.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e72d1eca842609e2022-02-14 10:55:32.430root 11241100x80000000000000002048735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:32.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.346ffaa6eb78ed5f2022-02-14 10:55:32.430root 11241100x80000000000000002048736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:32.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1150f553231ca3442022-02-14 10:55:32.430root 11241100x80000000000000002048737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:32.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.195783cda31cc61e2022-02-14 10:55:32.430root 11241100x80000000000000002048738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:32.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce41de2574da68fe2022-02-14 10:55:32.930root 11241100x80000000000000002048739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:32.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69b4684d1e259c982022-02-14 10:55:32.930root 11241100x80000000000000002048740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:32.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.710d3f507b9d78672022-02-14 10:55:32.930root 11241100x80000000000000002048741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:32.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8011062c3485d7352022-02-14 10:55:32.930root 11241100x80000000000000002048742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:32.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90d9d5841ab592952022-02-14 10:55:32.930root 11241100x80000000000000002048743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:32.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e9993fe7b41f7212022-02-14 10:55:32.930root 11241100x80000000000000002048744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:32.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ef55b8d5591e4412022-02-14 10:55:32.930root 11241100x80000000000000002048745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:33.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a8f3698f96230482022-02-14 10:55:33.430root 11241100x80000000000000002048746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:33.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bfcf19910eb21d42022-02-14 10:55:33.430root 11241100x80000000000000002048747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:33.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2606ec5a7e4c55f2022-02-14 10:55:33.430root 11241100x80000000000000002048748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:33.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad3f03ffdb6058bd2022-02-14 10:55:33.430root 11241100x80000000000000002048749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:33.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc2500529c5575572022-02-14 10:55:33.430root 11241100x80000000000000002048750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:33.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eb97a0f9f22405d2022-02-14 10:55:33.430root 11241100x80000000000000002048751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:33.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.833a75dea09034c22022-02-14 10:55:33.430root 11241100x80000000000000002048752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:33.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27f05866272da1562022-02-14 10:55:33.930root 11241100x80000000000000002048753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:33.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75755818f2aec6b12022-02-14 10:55:33.930root 11241100x80000000000000002048754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:33.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac1c0ec4832750ab2022-02-14 10:55:33.930root 11241100x80000000000000002048755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:33.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98f8de2e3f4beadd2022-02-14 10:55:33.930root 11241100x80000000000000002048756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:33.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eb41ab8901636562022-02-14 10:55:33.930root 11241100x80000000000000002048757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:33.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ec07e2b561620462022-02-14 10:55:33.930root 11241100x80000000000000002048758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:33.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65175d56c8ab078e2022-02-14 10:55:33.930root 354300x80000000000000002048759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:34.058{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54660-false10.0.1.12-8000- 11241100x80000000000000002048760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:34.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f68e2e99b97651002022-02-14 10:55:34.430root 11241100x80000000000000002048761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:34.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.319d4b416444bc222022-02-14 10:55:34.430root 11241100x80000000000000002048762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:34.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9daae8e34be85ae82022-02-14 10:55:34.430root 11241100x80000000000000002048763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:34.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11c5f3bf30fe55c82022-02-14 10:55:34.430root 11241100x80000000000000002048764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:34.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f38ff66546422d682022-02-14 10:55:34.430root 11241100x80000000000000002048765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:34.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b932b83de6077a122022-02-14 10:55:34.430root 11241100x80000000000000002048766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:34.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7987e190c77aad92022-02-14 10:55:34.430root 11241100x80000000000000002048767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:34.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cf43ab0c153b3d72022-02-14 10:55:34.431root 11241100x80000000000000002048768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:34.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50232e72edf6643c2022-02-14 10:55:34.932root 11241100x80000000000000002048769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:34.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c57773908c0dcfed2022-02-14 10:55:34.932root 11241100x80000000000000002048770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:34.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ac26e6128c8fce52022-02-14 10:55:34.932root 11241100x80000000000000002048771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:34.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6085fbbdf9a271f2022-02-14 10:55:34.932root 11241100x80000000000000002048772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:34.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7e7f9af9814ba432022-02-14 10:55:34.932root 11241100x80000000000000002048773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:34.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ad54fa23b0561eb2022-02-14 10:55:34.932root 11241100x80000000000000002048774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:34.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0be5f7061ab38312022-02-14 10:55:34.932root 11241100x80000000000000002048775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:34.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.100f31dcd02b36692022-02-14 10:55:34.932root 11241100x80000000000000002048776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:35.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.030891338d8f33382022-02-14 10:55:35.430root 11241100x80000000000000002048777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:35.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d12b1ed5e6c36d12022-02-14 10:55:35.430root 11241100x80000000000000002048778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:35.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee89edb3bcb576482022-02-14 10:55:35.430root 11241100x80000000000000002048779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:35.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c041072b222ec0fa2022-02-14 10:55:35.430root 11241100x80000000000000002048780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:35.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca0e109d1a441f7b2022-02-14 10:55:35.430root 11241100x80000000000000002048781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:35.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebfe88a2a171a3c42022-02-14 10:55:35.430root 11241100x80000000000000002048782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:35.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24d4a67ebc4323382022-02-14 10:55:35.430root 11241100x80000000000000002048783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:35.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.057dda44798553ef2022-02-14 10:55:35.430root 11241100x80000000000000002048784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:35.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b035301f63e06f62022-02-14 10:55:35.930root 11241100x80000000000000002048785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:35.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57e8d24498e6466b2022-02-14 10:55:35.930root 11241100x80000000000000002048786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:35.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce2c0a17048827602022-02-14 10:55:35.930root 11241100x80000000000000002048787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:35.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5f0ff6fbd9713c52022-02-14 10:55:35.930root 11241100x80000000000000002048788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:35.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2891963c247388c72022-02-14 10:55:35.930root 11241100x80000000000000002048789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:35.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93b17f19ad574d7c2022-02-14 10:55:35.930root 11241100x80000000000000002048790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:35.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c11daa1b52a24d062022-02-14 10:55:35.930root 11241100x80000000000000002048791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:35.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e58eaf2711a1536c2022-02-14 10:55:35.930root 11241100x80000000000000002048792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:36.429{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a66b2875270b8142022-02-14 10:55:36.429root 11241100x80000000000000002048793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:36.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08644d2ff817f6742022-02-14 10:55:36.430root 11241100x80000000000000002048794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:36.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1934eab63ac474d2022-02-14 10:55:36.430root 11241100x80000000000000002048795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:36.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c626c5c0fe32c7de2022-02-14 10:55:36.430root 11241100x80000000000000002048796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:36.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f2e1a9353828fe92022-02-14 10:55:36.430root 11241100x80000000000000002048797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:36.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40df6a901e16c5752022-02-14 10:55:36.430root 11241100x80000000000000002048798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:36.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36388be14af6ac242022-02-14 10:55:36.430root 11241100x80000000000000002048799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:36.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9396f13d89187ea22022-02-14 10:55:36.430root 11241100x80000000000000002048800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:36.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.139ff310c10a2f042022-02-14 10:55:36.930root 11241100x80000000000000002048801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:36.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a75b93731dd3eb42022-02-14 10:55:36.930root 11241100x80000000000000002048802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:36.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f280b00c5ee1f6292022-02-14 10:55:36.930root 11241100x80000000000000002048803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:36.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82575a6f170396de2022-02-14 10:55:36.930root 11241100x80000000000000002048804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:36.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd2e358e728bba422022-02-14 10:55:36.930root 11241100x80000000000000002048805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:36.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d3e0394b8e676142022-02-14 10:55:36.930root 11241100x80000000000000002048806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:36.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43cd8c3558d864f12022-02-14 10:55:36.930root 11241100x80000000000000002048807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:36.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0e95d0ad4c8015a2022-02-14 10:55:36.930root 11241100x80000000000000002048808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:37.429{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e24cbeacc3f119a32022-02-14 10:55:37.429root 11241100x80000000000000002048809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:37.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecb198587d091e192022-02-14 10:55:37.430root 11241100x80000000000000002048810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:37.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.347a6fa169fde7792022-02-14 10:55:37.430root 11241100x80000000000000002048811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:37.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f94ea9ba3e8c99f12022-02-14 10:55:37.430root 11241100x80000000000000002048812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:37.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.599c0d655942f3002022-02-14 10:55:37.430root 11241100x80000000000000002048813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:37.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cec8d44fbf9fd8d02022-02-14 10:55:37.430root 11241100x80000000000000002048814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:37.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feaf08b2b488a0b52022-02-14 10:55:37.430root 11241100x80000000000000002048815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:37.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57ab6d9b6e25f2912022-02-14 10:55:37.430root 11241100x80000000000000002048816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:37.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fad3b11dc4b7d372022-02-14 10:55:37.932root 11241100x80000000000000002048817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:37.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.920364e18ada5a1d2022-02-14 10:55:37.933root 11241100x80000000000000002048818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:37.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dd37b64148f24412022-02-14 10:55:37.933root 11241100x80000000000000002048819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:37.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.917a84d951376f4e2022-02-14 10:55:37.933root 11241100x80000000000000002048820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:37.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8ed57b6115082be2022-02-14 10:55:37.933root 11241100x80000000000000002048821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:37.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8879ba9b9e653a932022-02-14 10:55:37.933root 11241100x80000000000000002048822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:37.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcbd7ab65ba58e672022-02-14 10:55:37.933root 11241100x80000000000000002048823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:37.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.744688e40c0b23682022-02-14 10:55:37.933root 11241100x80000000000000002048824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:38.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b73ef87e90d308f92022-02-14 10:55:38.430root 11241100x80000000000000002048825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:38.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8bfe91faabb87d12022-02-14 10:55:38.430root 11241100x80000000000000002048826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:38.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad71ee7f28c192622022-02-14 10:55:38.430root 11241100x80000000000000002048827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:38.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29aef70dee595f1d2022-02-14 10:55:38.430root 11241100x80000000000000002048828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:38.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.854825900d2187832022-02-14 10:55:38.430root 11241100x80000000000000002048829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:38.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1df09bd4ba947f252022-02-14 10:55:38.430root 11241100x80000000000000002048830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:38.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fe108e9a4a280552022-02-14 10:55:38.430root 11241100x80000000000000002048831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:38.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.729745d1a89d43322022-02-14 10:55:38.430root 11241100x80000000000000002048832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:38.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1addeff7b54a95142022-02-14 10:55:38.930root 11241100x80000000000000002048833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:38.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d53be394aac681dd2022-02-14 10:55:38.930root 11241100x80000000000000002048834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:38.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5b8c29f929376602022-02-14 10:55:38.930root 11241100x80000000000000002048835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:38.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3668c69f8b60f0902022-02-14 10:55:38.930root 11241100x80000000000000002048836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:38.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0922f31f89c82622022-02-14 10:55:38.930root 11241100x80000000000000002048837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:38.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86c45f35f518565f2022-02-14 10:55:38.930root 11241100x80000000000000002048838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:38.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96c74099f27394822022-02-14 10:55:38.930root 11241100x80000000000000002048839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:38.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.406033f474af3aec2022-02-14 10:55:38.931root 354300x80000000000000002048840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:39.116{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54662-false10.0.1.12-8000- 11241100x80000000000000002048841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:39.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67baf9dd9cf9a9d72022-02-14 10:55:39.430root 11241100x80000000000000002048842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:39.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4983643808a1085f2022-02-14 10:55:39.430root 11241100x80000000000000002048843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:39.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c54153e47b041322022-02-14 10:55:39.430root 11241100x80000000000000002048844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:39.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.908e0cdfc9233ea22022-02-14 10:55:39.430root 11241100x80000000000000002048845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:39.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ce6141360989fea2022-02-14 10:55:39.430root 11241100x80000000000000002048846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:39.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cced020b6af00322022-02-14 10:55:39.430root 11241100x80000000000000002048847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:39.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6da10f02bd1e70302022-02-14 10:55:39.430root 11241100x80000000000000002048848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:39.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0d42012215b64312022-02-14 10:55:39.430root 11241100x80000000000000002048849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:39.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e806cfbd73f5a542022-02-14 10:55:39.430root 11241100x80000000000000002048850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:39.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3dd9c91fec9d8af2022-02-14 10:55:39.932root 11241100x80000000000000002048851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:39.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeab811dc0fa0d812022-02-14 10:55:39.932root 11241100x80000000000000002048852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:39.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97d2b6cb748e80552022-02-14 10:55:39.932root 11241100x80000000000000002048853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:39.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9203a7920267c73b2022-02-14 10:55:39.932root 11241100x80000000000000002048854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:39.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f9d54c39800e70d2022-02-14 10:55:39.932root 11241100x80000000000000002048855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:39.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af9b3498826193722022-02-14 10:55:39.932root 11241100x80000000000000002048856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:39.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d93abe3cf38a808f2022-02-14 10:55:39.932root 11241100x80000000000000002048857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:39.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0d57dc2357348d82022-02-14 10:55:39.932root 11241100x80000000000000002048858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:39.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e920fb127e4fddb2022-02-14 10:55:39.932root 11241100x80000000000000002048859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:40.016{ec2ab09f-1002-620a-3078-922c7d550000}1328/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2022-02-14 10:55:40.016root 11241100x80000000000000002048860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:40.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daaaea8bd8f291e12022-02-14 10:55:40.430root 11241100x80000000000000002048861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:40.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72b1aefa391010bc2022-02-14 10:55:40.430root 11241100x80000000000000002048862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:40.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c8813b205446a232022-02-14 10:55:40.430root 11241100x80000000000000002048863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:40.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4da04e064af03982022-02-14 10:55:40.430root 11241100x80000000000000002048864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:40.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8315138fbb1496302022-02-14 10:55:40.430root 11241100x80000000000000002048865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:40.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.297c70b6373864e42022-02-14 10:55:40.430root 11241100x80000000000000002048866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:40.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9921f76728ffeba2022-02-14 10:55:40.430root 11241100x80000000000000002048867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:40.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0030f19ee367a5012022-02-14 10:55:40.431root 11241100x80000000000000002048868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:40.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90004f6b1bd807d42022-02-14 10:55:40.431root 11241100x80000000000000002048869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:40.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b2d4b15e6f439e12022-02-14 10:55:40.431root 11241100x80000000000000002048870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:40.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.374bc69efa641bf52022-02-14 10:55:40.930root 11241100x80000000000000002048871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:40.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ba464305848cbae2022-02-14 10:55:40.930root 11241100x80000000000000002048872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:40.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d85f945d239d62082022-02-14 10:55:40.930root 11241100x80000000000000002048873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:40.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ff04d361643f0652022-02-14 10:55:40.930root 11241100x80000000000000002048874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:40.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48b5ad53b2ffd2882022-02-14 10:55:40.930root 11241100x80000000000000002048875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:40.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9de1ebf97b4d21da2022-02-14 10:55:40.930root 11241100x80000000000000002048876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:40.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2a18a71a57671f12022-02-14 10:55:40.930root 11241100x80000000000000002048877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:40.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b715fa4f677c39d2022-02-14 10:55:40.931root 11241100x80000000000000002048878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:40.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.357bb42f96aa39012022-02-14 10:55:40.931root 11241100x80000000000000002048879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:40.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3985a188c4cc53a2022-02-14 10:55:40.931root 11241100x80000000000000002048880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:41.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9067d244a9c99cce2022-02-14 10:55:41.430root 11241100x80000000000000002048881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:41.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2baa88a01143f7c62022-02-14 10:55:41.430root 11241100x80000000000000002048882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:41.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b1481f8b5d3e88f2022-02-14 10:55:41.430root 11241100x80000000000000002048883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:41.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84a2e620388c71512022-02-14 10:55:41.430root 11241100x80000000000000002048884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:41.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e824e4329e68a39f2022-02-14 10:55:41.430root 11241100x80000000000000002048885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:41.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1dfa27089e3dabf2022-02-14 10:55:41.430root 11241100x80000000000000002048886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:41.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8209a4da199fe9e02022-02-14 10:55:41.430root 11241100x80000000000000002048887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:41.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26d5ed5ac51acce32022-02-14 10:55:41.430root 11241100x80000000000000002048888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:41.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.397acb75592f73872022-02-14 10:55:41.430root 11241100x80000000000000002048889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:41.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d91ec321ba903d5c2022-02-14 10:55:41.430root 11241100x80000000000000002048890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:41.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcefb196a400086d2022-02-14 10:55:41.930root 11241100x80000000000000002048891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:41.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49549293f4fc2e942022-02-14 10:55:41.930root 11241100x80000000000000002048892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:41.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0cf2522c5ae70a82022-02-14 10:55:41.930root 11241100x80000000000000002048893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:41.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd0751497b20e47c2022-02-14 10:55:41.930root 11241100x80000000000000002048894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:41.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c68bc19045f1d9dc2022-02-14 10:55:41.930root 11241100x80000000000000002048895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:41.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ec53b432404856a2022-02-14 10:55:41.930root 11241100x80000000000000002048896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:41.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbb5963362353cb82022-02-14 10:55:41.930root 11241100x80000000000000002048897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:41.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78cd1bcb4c76f4fb2022-02-14 10:55:41.930root 11241100x80000000000000002048898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:41.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02be8fdb9c9b5fa82022-02-14 10:55:41.931root 11241100x80000000000000002048899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:41.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5913e19f19c579432022-02-14 10:55:41.931root 11241100x80000000000000002048900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:42.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b57747c92abf1822022-02-14 10:55:42.430root 11241100x80000000000000002048901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:42.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3062839d2139000f2022-02-14 10:55:42.430root 11241100x80000000000000002048902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:42.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c525b495c87a0bb22022-02-14 10:55:42.430root 11241100x80000000000000002048903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:42.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03bdd61d849c7a0e2022-02-14 10:55:42.430root 11241100x80000000000000002048904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:42.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c5f2f1af1d5760a2022-02-14 10:55:42.430root 11241100x80000000000000002048905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:42.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4e43bee5700f9692022-02-14 10:55:42.430root 11241100x80000000000000002048906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:42.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.022c305b2f21ea742022-02-14 10:55:42.430root 11241100x80000000000000002048907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:42.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21a835cfab5aef652022-02-14 10:55:42.430root 11241100x80000000000000002048908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:42.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9009fb2907fc025c2022-02-14 10:55:42.431root 11241100x80000000000000002048909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:42.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fee8fab7777ddbb2022-02-14 10:55:42.431root 11241100x80000000000000002048910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:42.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0817e6183febeb3b2022-02-14 10:55:42.930root 11241100x80000000000000002048911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:42.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40163b5c6f2a781a2022-02-14 10:55:42.930root 11241100x80000000000000002048912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:42.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a2faef57e27e8572022-02-14 10:55:42.930root 11241100x80000000000000002048913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:42.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d85176d97f15921f2022-02-14 10:55:42.930root 11241100x80000000000000002048914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:42.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59dc5f18c5a7c7842022-02-14 10:55:42.930root 11241100x80000000000000002048915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:42.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ce33487bd8e5cd92022-02-14 10:55:42.930root 11241100x80000000000000002048916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:42.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00216986522b9e562022-02-14 10:55:42.930root 11241100x80000000000000002048917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:42.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.737f3a80c17be49b2022-02-14 10:55:42.930root 11241100x80000000000000002048918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:42.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c438dce39410fef52022-02-14 10:55:42.930root 11241100x80000000000000002048919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:42.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6e51df97f8b099d2022-02-14 10:55:42.931root 23542300x80000000000000002048920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:43.017{ec2ab09f-1002-620a-3078-922c7d550000}1328root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x80000000000000002048921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:43.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e0d4aa201d216b42022-02-14 10:55:43.430root 11241100x80000000000000002048922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:43.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a3715ab9108ae8c2022-02-14 10:55:43.430root 11241100x80000000000000002048923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:43.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06efdf43c8f5fd7c2022-02-14 10:55:43.430root 11241100x80000000000000002048924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:43.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01d8a0ea836ac3722022-02-14 10:55:43.430root 11241100x80000000000000002048925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:43.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bbed6d448d18e0d2022-02-14 10:55:43.430root 11241100x80000000000000002048926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:43.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fad8650295cbd73e2022-02-14 10:55:43.430root 11241100x80000000000000002048927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:43.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43a3f01cf52044582022-02-14 10:55:43.430root 11241100x80000000000000002048928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:43.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a400376d434f85ac2022-02-14 10:55:43.431root 11241100x80000000000000002048929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:43.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.526aa59e1dfca8582022-02-14 10:55:43.431root 11241100x80000000000000002048930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:43.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fe3e2a959742aa02022-02-14 10:55:43.431root 11241100x80000000000000002048931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:43.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adc93cf44df4d70a2022-02-14 10:55:43.431root 11241100x80000000000000002048932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:43.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f014c7c8f5833a02022-02-14 10:55:43.930root 11241100x80000000000000002048933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:43.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35025f42cdd3daab2022-02-14 10:55:43.930root 11241100x80000000000000002048934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:43.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b33ce4a126e977c92022-02-14 10:55:43.930root 11241100x80000000000000002048935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:43.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b227fe56debd9aee2022-02-14 10:55:43.930root 11241100x80000000000000002048936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:43.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e91381ebc319a0fe2022-02-14 10:55:43.930root 11241100x80000000000000002048937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:43.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.133d963e5f2f38972022-02-14 10:55:43.930root 11241100x80000000000000002048938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:43.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31ee4f47dd96775c2022-02-14 10:55:43.930root 11241100x80000000000000002048939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:43.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f938d76a30b88662022-02-14 10:55:43.931root 11241100x80000000000000002048940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:43.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0ee4a4bd51b88952022-02-14 10:55:43.931root 11241100x80000000000000002048941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:43.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96a8ddf2f55f944f2022-02-14 10:55:43.931root 11241100x80000000000000002048942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:43.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0090cc2cf49133b02022-02-14 10:55:43.931root 354300x80000000000000002048943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:44.245{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54664-false10.0.1.12-8000- 11241100x80000000000000002048944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:44.246{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10b2768d05b6e5412022-02-14 10:55:44.246root 11241100x80000000000000002048945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:44.246{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.276ff0a4a6bd1fbc2022-02-14 10:55:44.246root 11241100x80000000000000002048946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:44.246{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9399f7b0b8eb3a672022-02-14 10:55:44.246root 11241100x80000000000000002048947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:44.246{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e064b4ae6196b4d2022-02-14 10:55:44.246root 11241100x80000000000000002048948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:44.246{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e0e5c7a6b48a2112022-02-14 10:55:44.246root 11241100x80000000000000002048949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:44.246{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.828da0aa96d0d8fb2022-02-14 10:55:44.246root 11241100x80000000000000002048950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:44.246{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.602784eb5d4e3cac2022-02-14 10:55:44.246root 11241100x80000000000000002048951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:44.246{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fd452c46d37faa52022-02-14 10:55:44.246root 11241100x80000000000000002048952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:44.247{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8997d31c6d1ebcde2022-02-14 10:55:44.247root 11241100x80000000000000002048953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:44.247{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7e5b424932f768e2022-02-14 10:55:44.247root 11241100x80000000000000002048954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:44.247{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a708b01e102d27272022-02-14 10:55:44.247root 11241100x80000000000000002048955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:44.247{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa9d72ac205c5bb82022-02-14 10:55:44.247root 11241100x80000000000000002048956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:44.247{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da9c0d709fb95b662022-02-14 10:55:44.247root 11241100x80000000000000002048957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:44.247{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7efa503480363c8a2022-02-14 10:55:44.247root 11241100x80000000000000002048958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:44.247{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e3e5742e1dae9602022-02-14 10:55:44.247root 11241100x80000000000000002048959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:44.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.082ffe4f7ac134882022-02-14 10:55:44.680root 11241100x80000000000000002048960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:44.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.688f97b0ecd1dc072022-02-14 10:55:44.680root 11241100x80000000000000002048961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:44.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.749617838c5a81602022-02-14 10:55:44.680root 11241100x80000000000000002048962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:44.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4de3806e3be81cfd2022-02-14 10:55:44.680root 11241100x80000000000000002048963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:44.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72fe5927bda968762022-02-14 10:55:44.680root 11241100x80000000000000002048964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:44.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.058e8a85cd4d1e342022-02-14 10:55:44.680root 11241100x80000000000000002048965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:44.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f36dc2e2237f70a2022-02-14 10:55:44.680root 11241100x80000000000000002048966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:44.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a989917c1f53f7a2022-02-14 10:55:44.681root 11241100x80000000000000002048967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:44.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f6e0d3373b979282022-02-14 10:55:44.681root 11241100x80000000000000002048968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:44.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aab635f75c4d798e2022-02-14 10:55:44.681root 11241100x80000000000000002048969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:44.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75d6a27fb9ed1c4a2022-02-14 10:55:44.681root 11241100x80000000000000002048970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:44.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ee1b7b1cc437e682022-02-14 10:55:44.681root 154100x80000000000000002048971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:45.039{ec2ab09f-3531-620a-68a4-727076550000}2406/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2ab09f-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}871--- 11241100x80000000000000002048972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:45.040{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2904e7e7b6e656f92022-02-14 10:55:45.040root 11241100x80000000000000002048973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:45.040{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.effe0a4148d7253b2022-02-14 10:55:45.040root 11241100x80000000000000002048974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:45.041{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da2155d59f5e84752022-02-14 10:55:45.041root 11241100x80000000000000002048975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:45.041{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ea67144bfd2fdb62022-02-14 10:55:45.041root 11241100x80000000000000002048976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:45.041{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49dcf255f25107552022-02-14 10:55:45.041root 11241100x80000000000000002048977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:45.041{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.505780fa22cc94462022-02-14 10:55:45.041root 11241100x80000000000000002048978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:45.041{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6dbd37fb71995ce2022-02-14 10:55:45.041root 11241100x80000000000000002048979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:45.041{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca8104c2d6a7fc412022-02-14 10:55:45.041root 11241100x80000000000000002048980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:45.041{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e51738005f7d76d2022-02-14 10:55:45.041root 11241100x80000000000000002048981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:45.041{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e8e9354e3b42aec2022-02-14 10:55:45.041root 11241100x80000000000000002048982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:45.041{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3c100a7505b7a1e2022-02-14 10:55:45.041root 11241100x80000000000000002048983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:45.041{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffe3fc0a1e3177522022-02-14 10:55:45.041root 534500x80000000000000002048984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:45.053{ec2ab09f-3531-620a-68a4-727076550000}2406/bin/psroot 11241100x80000000000000002048985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:45.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1ce3da5827483cf2022-02-14 10:55:45.430root 11241100x80000000000000002048986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:45.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.037cd36ed8ae49ba2022-02-14 10:55:45.430root 11241100x80000000000000002048987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:45.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d522347d2f06c1f12022-02-14 10:55:45.430root 11241100x80000000000000002048988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:45.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1002368f30d0f3ce2022-02-14 10:55:45.430root 11241100x80000000000000002048989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:45.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f36eca1e2209f8c2022-02-14 10:55:45.430root 11241100x80000000000000002048990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:45.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf7b109a55d736982022-02-14 10:55:45.431root 11241100x80000000000000002048991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:45.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c409668b74c8da3d2022-02-14 10:55:45.431root 11241100x80000000000000002048992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:45.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01aff566eb92b7692022-02-14 10:55:45.431root 11241100x80000000000000002048993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:45.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e49ec77734e4cf42022-02-14 10:55:45.431root 11241100x80000000000000002048994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:45.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a16528fbbaf815cb2022-02-14 10:55:45.431root 11241100x80000000000000002048995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:45.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59c443e28f9dc3882022-02-14 10:55:45.431root 11241100x80000000000000002048996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:45.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e13bc46e996ea19c2022-02-14 10:55:45.431root 11241100x80000000000000002048997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:45.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f32fff652a3f9bf22022-02-14 10:55:45.431root 11241100x80000000000000002048998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:45.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53a52be6a5a2368d2022-02-14 10:55:45.431root 11241100x80000000000000002048999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:45.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96908df64903e7842022-02-14 10:55:45.931root 11241100x80000000000000002049000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:45.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fbcc2661e00461d2022-02-14 10:55:45.931root 11241100x80000000000000002049001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:45.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc5daed6c77bf0cb2022-02-14 10:55:45.932root 11241100x80000000000000002049002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:45.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e6cd744eaf58ce52022-02-14 10:55:45.932root 11241100x80000000000000002049003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:45.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60156c064e69247c2022-02-14 10:55:45.932root 11241100x80000000000000002049004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:45.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62385e1674acf52b2022-02-14 10:55:45.932root 11241100x80000000000000002049005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:45.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db2c2e409f34e1142022-02-14 10:55:45.932root 11241100x80000000000000002049006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:45.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.116f7bb41188e96b2022-02-14 10:55:45.932root 11241100x80000000000000002049007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:45.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5943d4c2ac072cb62022-02-14 10:55:45.932root 11241100x80000000000000002049008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:45.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cf5eec33bf16b162022-02-14 10:55:45.932root 11241100x80000000000000002049009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:45.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80b88ce5ee5abb122022-02-14 10:55:45.932root 11241100x80000000000000002049010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:45.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bf9170f7366d44d2022-02-14 10:55:45.932root 11241100x80000000000000002049011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:45.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31fa384ed33a86e12022-02-14 10:55:45.932root 11241100x80000000000000002049012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:45.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6666607bfa5ae532022-02-14 10:55:45.932root 11241100x80000000000000002049013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:46.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83987042a7bb3c3a2022-02-14 10:55:46.430root 11241100x80000000000000002049014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:46.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fad8dba867dffdcd2022-02-14 10:55:46.430root 11241100x80000000000000002049015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:46.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2221fa46a55e8312022-02-14 10:55:46.430root 11241100x80000000000000002049016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:46.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2cf00881a22a9cf2022-02-14 10:55:46.430root 11241100x80000000000000002049017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:46.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c027e0f2131e6a432022-02-14 10:55:46.430root 11241100x80000000000000002049018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:46.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd013125099496452022-02-14 10:55:46.430root 11241100x80000000000000002049019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:46.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ec8cc4832221e6a2022-02-14 10:55:46.430root 11241100x80000000000000002049020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:46.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.351eb94770f66c532022-02-14 10:55:46.431root 11241100x80000000000000002049021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:46.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.162426ddbe7ce3592022-02-14 10:55:46.431root 11241100x80000000000000002049022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:46.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8baa8d3a00bf2412022-02-14 10:55:46.431root 11241100x80000000000000002049023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:46.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.175771dd4527ce4a2022-02-14 10:55:46.431root 11241100x80000000000000002049024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:46.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca3df730a78c6c3b2022-02-14 10:55:46.431root 11241100x80000000000000002049025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:46.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fbfac28ebef4dc12022-02-14 10:55:46.431root 11241100x80000000000000002049026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:46.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d266df2a133eab0c2022-02-14 10:55:46.431root 11241100x80000000000000002049027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:46.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9016c120bc06b192022-02-14 10:55:46.930root 11241100x80000000000000002049028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:46.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0025521c16189222022-02-14 10:55:46.930root 11241100x80000000000000002049029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:46.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.934eadffa40d48682022-02-14 10:55:46.930root 11241100x80000000000000002049030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:46.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2ed283e77bad4bb2022-02-14 10:55:46.931root 11241100x80000000000000002049031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:46.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4987f4c78207bfd82022-02-14 10:55:46.931root 11241100x80000000000000002049032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:46.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dd287fd3ae7d4cc2022-02-14 10:55:46.931root 11241100x80000000000000002049033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:46.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05eed4827cb3cfa82022-02-14 10:55:46.931root 11241100x80000000000000002049034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:46.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee51663f8adfb1fc2022-02-14 10:55:46.931root 11241100x80000000000000002049035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:46.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab16538a4e15c0de2022-02-14 10:55:46.931root 11241100x80000000000000002049036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:46.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7441e2c0576de2dc2022-02-14 10:55:46.932root 11241100x80000000000000002049037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:46.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5f77da0b4ad3a4c2022-02-14 10:55:46.932root 11241100x80000000000000002049038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:46.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01c7de808f6cc7de2022-02-14 10:55:46.932root 11241100x80000000000000002049039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:46.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7292b67c2797bf372022-02-14 10:55:46.932root 11241100x80000000000000002049040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:46.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e12d17dc53210c02022-02-14 10:55:46.932root 11241100x80000000000000002049041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:47.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22ccac601a6dea632022-02-14 10:55:47.430root 11241100x80000000000000002049042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:47.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.164c3e97e45327182022-02-14 10:55:47.430root 11241100x80000000000000002049043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:47.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93246f2bd62e0ed62022-02-14 10:55:47.430root 11241100x80000000000000002049044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:47.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ddef98f65eba9162022-02-14 10:55:47.431root 11241100x80000000000000002049045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:47.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26834ccfaaeacc262022-02-14 10:55:47.431root 11241100x80000000000000002049046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:47.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d8be8f17e8398852022-02-14 10:55:47.431root 11241100x80000000000000002049047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:47.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32bedfdacb46e4d12022-02-14 10:55:47.431root 11241100x80000000000000002049048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:47.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f3a9ce530c6ec5b2022-02-14 10:55:47.431root 11241100x80000000000000002049049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:47.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e47f24b8468433f82022-02-14 10:55:47.431root 11241100x80000000000000002049050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:47.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2933c6643eed5ab2022-02-14 10:55:47.431root 11241100x80000000000000002049051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:47.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.355d5e51f1ccceac2022-02-14 10:55:47.431root 11241100x80000000000000002049052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:47.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.696c774747dff9252022-02-14 10:55:47.432root 11241100x80000000000000002049053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:47.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.702ea2d787b44a9d2022-02-14 10:55:47.432root 11241100x80000000000000002049054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:47.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45634da48b98ff2e2022-02-14 10:55:47.432root 11241100x80000000000000002049055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:47.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6870b12fe2f525312022-02-14 10:55:47.930root 11241100x80000000000000002049056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:47.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4081fb11bd768fb42022-02-14 10:55:47.930root 11241100x80000000000000002049057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:47.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.437d53de5b70a14c2022-02-14 10:55:47.930root 11241100x80000000000000002049058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:47.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80457135f0cd56d82022-02-14 10:55:47.930root 11241100x80000000000000002049059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:47.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9318e5961de51d882022-02-14 10:55:47.930root 11241100x80000000000000002049060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:47.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41ba322bb9c25de72022-02-14 10:55:47.930root 11241100x80000000000000002049061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:47.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.522e09b6263a03cf2022-02-14 10:55:47.930root 11241100x80000000000000002049062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:47.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae39761925856c1f2022-02-14 10:55:47.931root 11241100x80000000000000002049063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:47.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42012134319e78d22022-02-14 10:55:47.931root 11241100x80000000000000002049064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:47.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b21ecc17fed23ae2022-02-14 10:55:47.931root 11241100x80000000000000002049065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:47.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0918b900d1efc8652022-02-14 10:55:47.931root 11241100x80000000000000002049066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:47.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b30e267d9b0dc87b2022-02-14 10:55:47.931root 11241100x80000000000000002049067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:47.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3641a434ccf59a782022-02-14 10:55:47.931root 11241100x80000000000000002049068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:47.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2938da62e46f5b72022-02-14 10:55:47.931root 11241100x80000000000000002049069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:48.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a83dafd92551a9182022-02-14 10:55:48.430root 11241100x80000000000000002049070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:48.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.021decf73777e44c2022-02-14 10:55:48.430root 11241100x80000000000000002049071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:48.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33f33258078b8c9d2022-02-14 10:55:48.430root 11241100x80000000000000002049072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:48.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d9f81da0211af532022-02-14 10:55:48.430root 11241100x80000000000000002049073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:48.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b72e71a0461656292022-02-14 10:55:48.430root 11241100x80000000000000002049074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:48.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1285535140ebc3cd2022-02-14 10:55:48.430root 11241100x80000000000000002049075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:48.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc721219ec0417f02022-02-14 10:55:48.431root 11241100x80000000000000002049076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:48.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10a2bc6a7c239b8d2022-02-14 10:55:48.431root 11241100x80000000000000002049077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:48.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8691759abf43c4932022-02-14 10:55:48.431root 11241100x80000000000000002049078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:48.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce16cbb254586fb02022-02-14 10:55:48.431root 11241100x80000000000000002049079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:48.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fd5408e119e93f72022-02-14 10:55:48.431root 11241100x80000000000000002049080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:48.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0e07bae7748629f2022-02-14 10:55:48.431root 11241100x80000000000000002049081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:48.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.030a0c2fc53a57be2022-02-14 10:55:48.431root 11241100x80000000000000002049082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:48.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc6922407617f81a2022-02-14 10:55:48.431root 11241100x80000000000000002049083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:48.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74a65177078fc4112022-02-14 10:55:48.930root 11241100x80000000000000002049084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:48.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77c8436e039228ab2022-02-14 10:55:48.930root 11241100x80000000000000002049085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:48.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9150619a6e2dd1f2022-02-14 10:55:48.930root 11241100x80000000000000002049086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:48.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6681fafcab5d50f2022-02-14 10:55:48.930root 11241100x80000000000000002049087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:48.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.359c6b7b5ef1b1a82022-02-14 10:55:48.930root 11241100x80000000000000002049088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:48.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3cdf248c360ce822022-02-14 10:55:48.930root 11241100x80000000000000002049089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:48.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0fdbd870e7cc4052022-02-14 10:55:48.930root 11241100x80000000000000002049090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:48.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c83506a740d4405c2022-02-14 10:55:48.931root 11241100x80000000000000002049091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:48.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.966bd84eb5530e652022-02-14 10:55:48.931root 11241100x80000000000000002049092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:48.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ba15e950db452b42022-02-14 10:55:48.931root 11241100x80000000000000002049093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:48.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba8945370a3630c92022-02-14 10:55:48.931root 11241100x80000000000000002049094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:48.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b92656b6bfb812d22022-02-14 10:55:48.931root 11241100x80000000000000002049095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:48.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2a0979ef3fd72712022-02-14 10:55:48.931root 11241100x80000000000000002049096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:48.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e611d86991375f192022-02-14 10:55:48.931root 11241100x80000000000000002049097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:49.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c9b2810ae96eaa22022-02-14 10:55:49.430root 11241100x80000000000000002049098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:49.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80da5c48ea3cb8a82022-02-14 10:55:49.430root 11241100x80000000000000002049099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:49.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca5f6d824678adf92022-02-14 10:55:49.430root 11241100x80000000000000002049100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:49.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a0cc15e46ce6fc92022-02-14 10:55:49.430root 11241100x80000000000000002049101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:49.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fa1b4fb9231fa722022-02-14 10:55:49.430root 11241100x80000000000000002049102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:49.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c8ac80a053d505b2022-02-14 10:55:49.430root 11241100x80000000000000002049103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:49.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2738b220208371702022-02-14 10:55:49.431root 11241100x80000000000000002049104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:49.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.138391a7d81d481d2022-02-14 10:55:49.431root 11241100x80000000000000002049105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:49.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7030150afff892712022-02-14 10:55:49.431root 11241100x80000000000000002049106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:49.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.840e9aa869ee291c2022-02-14 10:55:49.431root 11241100x80000000000000002049107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:49.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7adfbd7fd74e92b12022-02-14 10:55:49.431root 11241100x80000000000000002049108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:49.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b801f05f861420322022-02-14 10:55:49.431root 11241100x80000000000000002049109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:49.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.748773276eb400d32022-02-14 10:55:49.431root 11241100x80000000000000002049110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:49.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0313d7527fa781a62022-02-14 10:55:49.431root 11241100x80000000000000002049111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:49.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e3788f6b3cde7412022-02-14 10:55:49.930root 11241100x80000000000000002049112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:49.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94047459ea7f73ba2022-02-14 10:55:49.930root 11241100x80000000000000002049113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:49.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce69a9b27e0a9d222022-02-14 10:55:49.930root 11241100x80000000000000002049114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:49.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7279fe4d8af5907a2022-02-14 10:55:49.930root 11241100x80000000000000002049115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:49.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12c33ea8adddf8f52022-02-14 10:55:49.930root 11241100x80000000000000002049116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:49.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.669b85590f5d94972022-02-14 10:55:49.930root 11241100x80000000000000002049117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:49.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56b7c385a5700f962022-02-14 10:55:49.931root 11241100x80000000000000002049118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:49.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6baeb7ea1195c6b42022-02-14 10:55:49.931root 11241100x80000000000000002049119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:49.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20f2f9526273227d2022-02-14 10:55:49.931root 11241100x80000000000000002049120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:49.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fb139dfccb7b12f2022-02-14 10:55:49.931root 11241100x80000000000000002049121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:49.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d28d35b4a32250cd2022-02-14 10:55:49.932root 11241100x80000000000000002049122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:49.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb2fdd9df1a21e792022-02-14 10:55:49.932root 11241100x80000000000000002049123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:49.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.021d9573808478db2022-02-14 10:55:49.932root 11241100x80000000000000002049124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:49.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9dbde623a0d326e2022-02-14 10:55:49.932root 354300x80000000000000002049125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:50.166{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54666-false10.0.1.12-8000- 11241100x80000000000000002049126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:50.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0382c54bb8206762022-02-14 10:55:50.430root 11241100x80000000000000002049127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:50.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3a3f6edba6a4b6a2022-02-14 10:55:50.430root 11241100x80000000000000002049128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:50.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db4c1d3c481527fd2022-02-14 10:55:50.430root 11241100x80000000000000002049129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:50.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.261998db9d7b46672022-02-14 10:55:50.430root 11241100x80000000000000002049130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:50.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29886a79148665be2022-02-14 10:55:50.430root 11241100x80000000000000002049131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:50.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48e539c712a4a8b02022-02-14 10:55:50.430root 11241100x80000000000000002049132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:50.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.350a829b7512b9c02022-02-14 10:55:50.430root 11241100x80000000000000002049133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:50.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abc5f4b284bc20072022-02-14 10:55:50.431root 11241100x80000000000000002049134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:50.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2daec3a52c2f10db2022-02-14 10:55:50.431root 11241100x80000000000000002049135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:50.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c4ac55a034d16882022-02-14 10:55:50.431root 11241100x80000000000000002049136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:50.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06364274cb33c4932022-02-14 10:55:50.431root 11241100x80000000000000002049137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:50.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d858d7347f36acb2022-02-14 10:55:50.431root 11241100x80000000000000002049138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:50.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07cfd9698cf73df72022-02-14 10:55:50.432root 11241100x80000000000000002049139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:50.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b17510cdcb7108ea2022-02-14 10:55:50.432root 11241100x80000000000000002049140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:50.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35f13244b74dfb842022-02-14 10:55:50.432root 11241100x80000000000000002049141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:50.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85672edb85a101d62022-02-14 10:55:50.930root 11241100x80000000000000002049142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:50.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9b67fbfccd81dec2022-02-14 10:55:50.930root 11241100x80000000000000002049143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:50.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7bd7c087c7250d52022-02-14 10:55:50.930root 11241100x80000000000000002049144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:50.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faf8e1b301c48d9a2022-02-14 10:55:50.930root 11241100x80000000000000002049145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:50.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6a0c5f18f2d40752022-02-14 10:55:50.930root 11241100x80000000000000002049146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:50.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b19e4d626be866e2022-02-14 10:55:50.931root 11241100x80000000000000002049147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:50.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92ec2912890c16c02022-02-14 10:55:50.931root 11241100x80000000000000002049148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:50.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c2591fba53874122022-02-14 10:55:50.931root 11241100x80000000000000002049149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:50.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fe85e85285bce2b2022-02-14 10:55:50.931root 11241100x80000000000000002049150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:50.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a60147081a5bfc72022-02-14 10:55:50.931root 11241100x80000000000000002049151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:50.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbfe37c8b4fcc4282022-02-14 10:55:50.931root 11241100x80000000000000002049152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:50.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af4ede4ea7184d632022-02-14 10:55:50.931root 11241100x80000000000000002049153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:50.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e6572ebbc3846532022-02-14 10:55:50.931root 11241100x80000000000000002049154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:50.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc33acdb91dede4d2022-02-14 10:55:50.931root 11241100x80000000000000002049155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:50.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d691a367b1b87542022-02-14 10:55:50.931root 11241100x80000000000000002049156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:51.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7581923819893c6f2022-02-14 10:55:51.430root 11241100x80000000000000002049157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:51.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0f1d0b2c9606f402022-02-14 10:55:51.431root 11241100x80000000000000002049158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:51.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7d0048c0c838f522022-02-14 10:55:51.432root 11241100x80000000000000002049159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:51.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fe6629613b9f53a2022-02-14 10:55:51.432root 11241100x80000000000000002049160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:51.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce276f2ad13597b12022-02-14 10:55:51.432root 11241100x80000000000000002049161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:51.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bceda2ae540620432022-02-14 10:55:51.432root 11241100x80000000000000002049162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:51.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8da1fd45a1d039f92022-02-14 10:55:51.432root 11241100x80000000000000002049163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:51.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d34905b7555e37d2022-02-14 10:55:51.432root 11241100x80000000000000002049164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:51.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b007e1aaf3b5ae502022-02-14 10:55:51.432root 11241100x80000000000000002049165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:51.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0779e06deb9876042022-02-14 10:55:51.432root 11241100x80000000000000002049166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:51.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec28a71fea3cda922022-02-14 10:55:51.432root 11241100x80000000000000002049167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:51.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab2da1ef512714832022-02-14 10:55:51.432root 11241100x80000000000000002049168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:51.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf62bbf8769d69e82022-02-14 10:55:51.432root 11241100x80000000000000002049169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:51.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61f5ff7f93250aad2022-02-14 10:55:51.432root 11241100x80000000000000002049170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:51.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b073770fe7d570c2022-02-14 10:55:51.432root 11241100x80000000000000002049171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:51.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34f37596951903f52022-02-14 10:55:51.930root 11241100x80000000000000002049172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:51.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f7bd5df2ff6cfbc2022-02-14 10:55:51.930root 11241100x80000000000000002049173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:51.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7895b3a08011b982022-02-14 10:55:51.930root 11241100x80000000000000002049174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:51.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd152752d6c525022022-02-14 10:55:51.930root 11241100x80000000000000002049175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:51.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14b79f4c21334a482022-02-14 10:55:51.930root 11241100x80000000000000002049176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:51.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cf8f5318fded96d2022-02-14 10:55:51.930root 11241100x80000000000000002049177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:51.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfc6377577e7412d2022-02-14 10:55:51.930root 11241100x80000000000000002049178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:51.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48feb2931c5e20972022-02-14 10:55:51.931root 11241100x80000000000000002049179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:51.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56bce6fcdca2ff492022-02-14 10:55:51.931root 11241100x80000000000000002049180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:51.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9606c909508a36492022-02-14 10:55:51.931root 11241100x80000000000000002049181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:51.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.264264fdc390cf022022-02-14 10:55:51.931root 11241100x80000000000000002049182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:51.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.553be491c1bc390d2022-02-14 10:55:51.931root 11241100x80000000000000002049183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:51.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55725916e82100a22022-02-14 10:55:51.931root 11241100x80000000000000002049184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:51.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f55f22d790cc984d2022-02-14 10:55:51.931root 11241100x80000000000000002049185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:51.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a33f357496c432c32022-02-14 10:55:51.931root 11241100x80000000000000002049186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:52.429{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b66b5b2e463420b2022-02-14 10:55:52.429root 11241100x80000000000000002049187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:52.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e5d94b3c2d50d132022-02-14 10:55:52.430root 11241100x80000000000000002049188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:52.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b0180f258c48fba2022-02-14 10:55:52.430root 11241100x80000000000000002049189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:52.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05a5ad4df477ab502022-02-14 10:55:52.430root 11241100x80000000000000002049190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:52.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cda4c331f35360602022-02-14 10:55:52.430root 11241100x80000000000000002049191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:52.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd96a2247cd9d4ed2022-02-14 10:55:52.431root 11241100x80000000000000002049192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:52.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee52519bfb815dc22022-02-14 10:55:52.431root 11241100x80000000000000002049193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:52.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d3c349479145fcd2022-02-14 10:55:52.431root 11241100x80000000000000002049194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:52.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fca4a70c3d8be522022-02-14 10:55:52.431root 11241100x80000000000000002049195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:52.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f66f14ab6c06d9182022-02-14 10:55:52.431root 11241100x80000000000000002049196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:52.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46b2912c362348d92022-02-14 10:55:52.431root 11241100x80000000000000002049197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:52.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c82f2776f87cc1432022-02-14 10:55:52.431root 11241100x80000000000000002049198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:52.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e55d6bceb1038f3e2022-02-14 10:55:52.431root 11241100x80000000000000002049199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:52.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ac6893868164ff72022-02-14 10:55:52.431root 11241100x80000000000000002049200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:52.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d876dc9ed1b0c8a42022-02-14 10:55:52.431root 11241100x80000000000000002049201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:52.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f90f1a7e4109d032022-02-14 10:55:52.930root 11241100x80000000000000002049202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:52.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e815518d78ebf1102022-02-14 10:55:52.930root 11241100x80000000000000002049203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:52.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cecfb1f848809302022-02-14 10:55:52.931root 11241100x80000000000000002049204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:52.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7e0ef4a6fbbdd152022-02-14 10:55:52.931root 11241100x80000000000000002049205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:52.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e34705bd8b4755d2022-02-14 10:55:52.931root 11241100x80000000000000002049206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:52.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06af717b30ff00112022-02-14 10:55:52.931root 11241100x80000000000000002049207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:52.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42812cf98dab7a052022-02-14 10:55:52.931root 11241100x80000000000000002049208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:52.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.098762453a5bfbb32022-02-14 10:55:52.931root 11241100x80000000000000002049209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:52.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d0c2b672e1313d72022-02-14 10:55:52.931root 11241100x80000000000000002049210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:52.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7df19c4a63cd2812022-02-14 10:55:52.931root 11241100x80000000000000002049211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:52.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c301f01a4ea8147f2022-02-14 10:55:52.932root 11241100x80000000000000002049212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:52.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29984394662d3a6f2022-02-14 10:55:52.932root 11241100x80000000000000002049213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:52.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c08d3fbe138505902022-02-14 10:55:52.932root 11241100x80000000000000002049214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:52.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1298445298740e9c2022-02-14 10:55:52.932root 11241100x80000000000000002049215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:52.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f68ea1d5253e88a32022-02-14 10:55:52.932root 11241100x80000000000000002049216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:53.429{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74afb796a5bb7bca2022-02-14 10:55:53.429root 11241100x80000000000000002049217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:53.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6249d6ddf9e03a72022-02-14 10:55:53.430root 11241100x80000000000000002049218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:53.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f00039fef7b9a6d2022-02-14 10:55:53.430root 11241100x80000000000000002049219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:53.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f6a19744651064d2022-02-14 10:55:53.430root 11241100x80000000000000002049220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:53.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f075ad716cfdfa152022-02-14 10:55:53.430root 11241100x80000000000000002049221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:53.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fced973f8ccc96f2022-02-14 10:55:53.431root 11241100x80000000000000002049222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:53.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd5672c853e406ee2022-02-14 10:55:53.431root 11241100x80000000000000002049223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:53.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a597f6adc37e791a2022-02-14 10:55:53.431root 11241100x80000000000000002049224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:53.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00ee94a66e3dd8572022-02-14 10:55:53.431root 11241100x80000000000000002049225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:53.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60f3b0178ba9b28b2022-02-14 10:55:53.431root 11241100x80000000000000002049226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:53.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87e4dc78fafb73d32022-02-14 10:55:53.431root 11241100x80000000000000002049227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:53.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1930aba14a18fbbb2022-02-14 10:55:53.431root 11241100x80000000000000002049228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:53.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e06130387c5d2f172022-02-14 10:55:53.431root 11241100x80000000000000002049229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:53.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff8da9c9648a18372022-02-14 10:55:53.432root 11241100x80000000000000002049230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:53.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b6ba1471c9944f02022-02-14 10:55:53.432root 11241100x80000000000000002049231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:53.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6388fb42cc59a1b02022-02-14 10:55:53.433root 11241100x80000000000000002049232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:53.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c128c66d0dfee1832022-02-14 10:55:53.930root 11241100x80000000000000002049233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:53.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f54321674642c9e2022-02-14 10:55:53.930root 11241100x80000000000000002049234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:53.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c48b5ce5ed899c42022-02-14 10:55:53.930root 11241100x80000000000000002049235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:53.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2565802694eaea862022-02-14 10:55:53.930root 11241100x80000000000000002049236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:53.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.571c3513186466bb2022-02-14 10:55:53.930root 11241100x80000000000000002049237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:53.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b77739a4c8c974342022-02-14 10:55:53.930root 11241100x80000000000000002049238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:53.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e31640515b62ef42022-02-14 10:55:53.930root 11241100x80000000000000002049239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:53.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76be1b8dc370036d2022-02-14 10:55:53.930root 11241100x80000000000000002049240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:53.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2522b866bd592e4d2022-02-14 10:55:53.930root 11241100x80000000000000002049241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:53.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9641ce9582d9f072022-02-14 10:55:53.931root 11241100x80000000000000002049242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:53.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2a0b59470d968262022-02-14 10:55:53.931root 11241100x80000000000000002049243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:53.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43533df9b73fbe6a2022-02-14 10:55:53.931root 11241100x80000000000000002049244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:53.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.619a6b42ef55204b2022-02-14 10:55:53.931root 11241100x80000000000000002049245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:53.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ab62caabcd12d862022-02-14 10:55:53.931root 11241100x80000000000000002049246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:53.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f90a056c96ba33072022-02-14 10:55:53.931root 11241100x80000000000000002049247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:54.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1bc2cb3bd30240b2022-02-14 10:55:54.430root 11241100x80000000000000002049248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:54.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9563504103218bc2022-02-14 10:55:54.430root 11241100x80000000000000002049249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:54.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be0bcb56c931a0412022-02-14 10:55:54.430root 11241100x80000000000000002049250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:54.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f609f591ad17ae692022-02-14 10:55:54.430root 11241100x80000000000000002049251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:54.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a8a577b4b1ceb8e2022-02-14 10:55:54.430root 11241100x80000000000000002049252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:54.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.557918bbd0c9b7e62022-02-14 10:55:54.431root 11241100x80000000000000002049253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:54.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6eeff2c0c5c510a2022-02-14 10:55:54.431root 11241100x80000000000000002049254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:54.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6be6dce2402b81752022-02-14 10:55:54.431root 11241100x80000000000000002049255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:54.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d372bf2983de51da2022-02-14 10:55:54.431root 11241100x80000000000000002049256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:54.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2060044ec3f8a61d2022-02-14 10:55:54.431root 11241100x80000000000000002049257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:54.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6e2a4d57f2f144d2022-02-14 10:55:54.431root 11241100x80000000000000002049258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:54.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2dd07715743dc2f2022-02-14 10:55:54.431root 11241100x80000000000000002049259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:54.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.059563c1dc62154f2022-02-14 10:55:54.431root 11241100x80000000000000002049260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:54.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3175c122abe049d2022-02-14 10:55:54.432root 11241100x80000000000000002049261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:54.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d611d9c128bca58f2022-02-14 10:55:54.432root 11241100x80000000000000002049262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:54.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5ba068bc47153542022-02-14 10:55:54.432root 11241100x80000000000000002049263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:54.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fd21151188cc01e2022-02-14 10:55:54.930root 11241100x80000000000000002049264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:54.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5d96959f2277bd12022-02-14 10:55:54.930root 11241100x80000000000000002049265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:54.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34678e502e151f752022-02-14 10:55:54.930root 11241100x80000000000000002049266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:54.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f1c0e6646899abd2022-02-14 10:55:54.931root 11241100x80000000000000002049267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:54.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50924a36a49f41182022-02-14 10:55:54.931root 11241100x80000000000000002049268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:54.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a0d08cb793af3672022-02-14 10:55:54.931root 11241100x80000000000000002049269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:54.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae34f6929643e4992022-02-14 10:55:54.931root 11241100x80000000000000002049270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:54.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8fcd493d512e0ff2022-02-14 10:55:54.931root 11241100x80000000000000002049271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:54.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f348e50cbc937b8d2022-02-14 10:55:54.931root 11241100x80000000000000002049272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:54.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97280ecead28b68c2022-02-14 10:55:54.931root 11241100x80000000000000002049273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:54.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30f1ba24a99490fe2022-02-14 10:55:54.931root 11241100x80000000000000002049274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:54.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea8aae1a5b6eb55d2022-02-14 10:55:54.931root 11241100x80000000000000002049275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:54.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9acb87a5b2c8d9e62022-02-14 10:55:54.931root 11241100x80000000000000002049276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:54.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.194d4f80ffa5cde92022-02-14 10:55:54.931root 11241100x80000000000000002049277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:54.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d3766ee5bcd77cf2022-02-14 10:55:54.931root 354300x80000000000000002049278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:55.218{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54668-false10.0.1.12-8000- 11241100x80000000000000002049279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:55.218{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc693a8494cabfaf2022-02-14 10:55:55.218root 11241100x80000000000000002049280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:55.218{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.add00a5ff99fdd332022-02-14 10:55:55.218root 11241100x80000000000000002049281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:55.219{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee9fb5a874cf1a1a2022-02-14 10:55:55.219root 11241100x80000000000000002049282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:55.219{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc8f43a381031c2b2022-02-14 10:55:55.219root 11241100x80000000000000002049283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:55.219{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8edd557204c4e7aa2022-02-14 10:55:55.219root 11241100x80000000000000002049284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:55.219{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85785186376fff362022-02-14 10:55:55.219root 11241100x80000000000000002049285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:55.219{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c30a166587711a6b2022-02-14 10:55:55.219root 11241100x80000000000000002049286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:55.219{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8a0024e1269b1132022-02-14 10:55:55.219root 11241100x80000000000000002049287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:55.219{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3786179397eb09972022-02-14 10:55:55.219root 11241100x80000000000000002049288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:55.219{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.546bf4b0db32415a2022-02-14 10:55:55.219root 11241100x80000000000000002049289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:55.220{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36d5af94230936282022-02-14 10:55:55.220root 11241100x80000000000000002049290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:55.220{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.563099e24dd2a1202022-02-14 10:55:55.220root 11241100x80000000000000002049291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:55.220{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad0abf26b002db512022-02-14 10:55:55.220root 11241100x80000000000000002049292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:55.220{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.009a7b31aba2f34f2022-02-14 10:55:55.220root 11241100x80000000000000002049293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:55.220{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cfc9ef1403f5f3c2022-02-14 10:55:55.220root 11241100x80000000000000002049294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:55.220{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec161119e601d3832022-02-14 10:55:55.220root 11241100x80000000000000002049295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:55.220{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be93be8750163c262022-02-14 10:55:55.220root 11241100x80000000000000002049296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:55.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d624121fda6d4ec2022-02-14 10:55:55.680root 11241100x80000000000000002049297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:55.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0d3f8f0eb4f64ed2022-02-14 10:55:55.680root 11241100x80000000000000002049298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:55.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9da17a3bba2786ef2022-02-14 10:55:55.680root 11241100x80000000000000002049299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:55.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dc2c5c422de41ee2022-02-14 10:55:55.680root 11241100x80000000000000002049300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:55.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13f5da996bb0203d2022-02-14 10:55:55.680root 11241100x80000000000000002049301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:55.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5488df84fdbb8cc12022-02-14 10:55:55.680root 11241100x80000000000000002049302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:55.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cdf42ddbc0e7b032022-02-14 10:55:55.681root 11241100x80000000000000002049303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:55.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ee830c438924ab12022-02-14 10:55:55.681root 11241100x80000000000000002049304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:55.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e1cc015eebb3b012022-02-14 10:55:55.681root 11241100x80000000000000002049305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:55.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.487590779a9b89a82022-02-14 10:55:55.681root 11241100x80000000000000002049306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:55.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c7de963f9fc841f2022-02-14 10:55:55.681root 11241100x80000000000000002049307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:55.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.840350d81da086112022-02-14 10:55:55.681root 11241100x80000000000000002049308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:55.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60cf95c77b0267bb2022-02-14 10:55:55.681root 11241100x80000000000000002049309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:55.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f338597000f2cd472022-02-14 10:55:55.681root 11241100x80000000000000002049310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:55.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b880b86508d6209e2022-02-14 10:55:55.681root 11241100x80000000000000002049311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:55.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d100abb525c09002022-02-14 10:55:55.681root 11241100x80000000000000002049312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:56.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79cbbbe0d615728f2022-02-14 10:55:56.180root 11241100x80000000000000002049313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:56.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50da36a37a0b30142022-02-14 10:55:56.180root 11241100x80000000000000002049314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:56.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46cc25369bd9f7ec2022-02-14 10:55:56.180root 11241100x80000000000000002049315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:56.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f0d986db2a04a492022-02-14 10:55:56.180root 11241100x80000000000000002049316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:56.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c68ffd9103f7ebaf2022-02-14 10:55:56.180root 11241100x80000000000000002049317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:56.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.207943ccdc66bb622022-02-14 10:55:56.180root 11241100x80000000000000002049318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:56.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4259349393e3f00b2022-02-14 10:55:56.180root 11241100x80000000000000002049319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:56.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95fb357090f1a66f2022-02-14 10:55:56.180root 11241100x80000000000000002049320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:56.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c063d5d5495afd892022-02-14 10:55:56.180root 11241100x80000000000000002049321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:56.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7202539a841c01902022-02-14 10:55:56.181root 11241100x80000000000000002049322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:56.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fda6ab4a43fe5a002022-02-14 10:55:56.181root 11241100x80000000000000002049323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:56.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e51eac447b0c71da2022-02-14 10:55:56.181root 11241100x80000000000000002049324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:56.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c59ac82112c10f52022-02-14 10:55:56.181root 11241100x80000000000000002049325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:56.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c722b1c4fe7195b2022-02-14 10:55:56.181root 11241100x80000000000000002049326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:56.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c073a31f6e5725bf2022-02-14 10:55:56.181root 11241100x80000000000000002049327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:56.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.662177cb7427e4422022-02-14 10:55:56.181root 11241100x80000000000000002049328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:56.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12a470ac1f48f3b82022-02-14 10:55:56.680root 11241100x80000000000000002049329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:56.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be548e71dc577efc2022-02-14 10:55:56.680root 11241100x80000000000000002049330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:56.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e1db7f1801156c82022-02-14 10:55:56.680root 11241100x80000000000000002049331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:56.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bb35b8f4e2005ea2022-02-14 10:55:56.680root 11241100x80000000000000002049332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:56.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e671c2930dc6c2c42022-02-14 10:55:56.680root 11241100x80000000000000002049333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:56.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.034694a7cd971db72022-02-14 10:55:56.680root 11241100x80000000000000002049334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:56.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deb7efda0666c0752022-02-14 10:55:56.680root 11241100x80000000000000002049335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:56.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3041a8086c07b342022-02-14 10:55:56.680root 11241100x80000000000000002049336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:56.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bc85678a2c8a1912022-02-14 10:55:56.680root 11241100x80000000000000002049337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:56.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37f2dcacaf36d1062022-02-14 10:55:56.681root 11241100x80000000000000002049338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:56.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.868af00e5449449e2022-02-14 10:55:56.681root 11241100x80000000000000002049339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:56.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e50260cd6c527cb92022-02-14 10:55:56.681root 11241100x80000000000000002049340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:56.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9fb567a65ea78312022-02-14 10:55:56.681root 11241100x80000000000000002049341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:56.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbec7a27efbfef9c2022-02-14 10:55:56.681root 11241100x80000000000000002049342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:56.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7161513b11786622022-02-14 10:55:56.681root 11241100x80000000000000002049343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:56.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23b30d1d1a7dc65e2022-02-14 10:55:56.681root 11241100x80000000000000002049344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:57.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.305b61dbbdc803152022-02-14 10:55:57.180root 11241100x80000000000000002049345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:57.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d9408d0b09929d12022-02-14 10:55:57.180root 11241100x80000000000000002049346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:57.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05bc45d0e5a764c22022-02-14 10:55:57.180root 11241100x80000000000000002049347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:57.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a32d9a871d2f1af92022-02-14 10:55:57.180root 11241100x80000000000000002049348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:57.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.371a529a654039992022-02-14 10:55:57.180root 11241100x80000000000000002049349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:57.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf408f2028582c362022-02-14 10:55:57.180root 11241100x80000000000000002049350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:57.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4743e5abc8fec102022-02-14 10:55:57.180root 11241100x80000000000000002049351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:57.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dcaef17e9731e5d2022-02-14 10:55:57.181root 11241100x80000000000000002049352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:57.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee8477c8615f22d02022-02-14 10:55:57.181root 11241100x80000000000000002049353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:57.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76f9a3bbd8849bf52022-02-14 10:55:57.181root 11241100x80000000000000002049354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:57.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5dc4704bc447b522022-02-14 10:55:57.181root 11241100x80000000000000002049355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:57.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d0f7651880b45132022-02-14 10:55:57.181root 11241100x80000000000000002049356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:57.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f42b6623db2fff22022-02-14 10:55:57.181root 11241100x80000000000000002049357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:57.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0733b7309a639f3d2022-02-14 10:55:57.181root 11241100x80000000000000002049358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:57.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fc3a870b861adf12022-02-14 10:55:57.181root 11241100x80000000000000002049359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:57.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.091e46db66980fa02022-02-14 10:55:57.181root 11241100x80000000000000002049360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:57.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.065355428dddcfbf2022-02-14 10:55:57.680root 11241100x80000000000000002049361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:57.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c4d38b246c6e4522022-02-14 10:55:57.681root 11241100x80000000000000002049362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:57.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa0a530a7867b4f72022-02-14 10:55:57.681root 11241100x80000000000000002049363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:57.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6208981efaeea0682022-02-14 10:55:57.681root 11241100x80000000000000002049364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:57.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e063daff561b6352022-02-14 10:55:57.681root 11241100x80000000000000002049365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:57.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ce4c5d0ebe9f68b2022-02-14 10:55:57.681root 11241100x80000000000000002049366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:57.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91f8a458168b30c42022-02-14 10:55:57.681root 11241100x80000000000000002049367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:57.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39ff9295dbc60fc62022-02-14 10:55:57.681root 11241100x80000000000000002049368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:57.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ab511b1a8f0a7b02022-02-14 10:55:57.681root 11241100x80000000000000002049369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:57.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04af1adf2f32adcb2022-02-14 10:55:57.681root 11241100x80000000000000002049370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:57.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e42736f7b25dd4a82022-02-14 10:55:57.681root 11241100x80000000000000002049371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:57.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.496f1c98cb43360c2022-02-14 10:55:57.681root 11241100x80000000000000002049372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:57.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa4795acf2c923c82022-02-14 10:55:57.681root 11241100x80000000000000002049373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:57.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e6bbf57b4ecc62d2022-02-14 10:55:57.681root 11241100x80000000000000002049374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:57.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cc36bf2da76a1992022-02-14 10:55:57.681root 11241100x80000000000000002049375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:57.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60184baf249fc06f2022-02-14 10:55:57.681root 11241100x80000000000000002049376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:58.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3e6e6c93003e4702022-02-14 10:55:58.180root 11241100x80000000000000002049377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:58.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c043f6fcd8423a162022-02-14 10:55:58.180root 11241100x80000000000000002049378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:58.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66f2a0431e0d8d0b2022-02-14 10:55:58.180root 11241100x80000000000000002049379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:58.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc7f5987bbdd59552022-02-14 10:55:58.180root 11241100x80000000000000002049380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:58.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5ef3aa974005eb92022-02-14 10:55:58.180root 11241100x80000000000000002049381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:58.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d49ac2eaf9c61bf2022-02-14 10:55:58.181root 11241100x80000000000000002049382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:58.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68676f114465828e2022-02-14 10:55:58.181root 11241100x80000000000000002049383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:58.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ad3369b3105708c2022-02-14 10:55:58.181root 11241100x80000000000000002049384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:58.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.680aa568604bc6172022-02-14 10:55:58.181root 11241100x80000000000000002049385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:58.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb1d35927d4353c12022-02-14 10:55:58.181root 11241100x80000000000000002049386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:58.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ac4bfb517f05a702022-02-14 10:55:58.181root 11241100x80000000000000002049387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:58.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cb4c69e96a64b7a2022-02-14 10:55:58.181root 11241100x80000000000000002049388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:58.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a6483503c97d7e62022-02-14 10:55:58.181root 11241100x80000000000000002049389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:58.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd6f31bc251c27082022-02-14 10:55:58.181root 11241100x80000000000000002049390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:58.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db1fc0e55e29d4ec2022-02-14 10:55:58.181root 11241100x80000000000000002049391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:58.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ccbdc66e0833b9d2022-02-14 10:55:58.181root 11241100x80000000000000002049392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:58.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0521edc89ccfb5eb2022-02-14 10:55:58.680root 11241100x80000000000000002049393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:58.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9edef13349638d232022-02-14 10:55:58.680root 11241100x80000000000000002049394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:58.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c08b060ad397d4882022-02-14 10:55:58.680root 11241100x80000000000000002049395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:58.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05792ef02397bd7e2022-02-14 10:55:58.680root 11241100x80000000000000002049396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:58.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.307e8fbd5721399f2022-02-14 10:55:58.680root 11241100x80000000000000002049397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:58.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc03fa701f3b45852022-02-14 10:55:58.680root 11241100x80000000000000002049398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:58.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45138207b57b49312022-02-14 10:55:58.681root 11241100x80000000000000002049399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:58.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.458c0a6cf480e1b12022-02-14 10:55:58.681root 11241100x80000000000000002049400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:58.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.258846bcb01fbea62022-02-14 10:55:58.681root 11241100x80000000000000002049401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:58.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87ae727439e028a02022-02-14 10:55:58.681root 11241100x80000000000000002049402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:58.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7a93954c57d31152022-02-14 10:55:58.681root 11241100x80000000000000002049403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:58.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1fd5019c30092e02022-02-14 10:55:58.681root 11241100x80000000000000002049404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:58.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22771f61a4cfd4352022-02-14 10:55:58.681root 11241100x80000000000000002049405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:58.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2e9df28d9f7fb362022-02-14 10:55:58.681root 11241100x80000000000000002049406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:58.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcc5a36f70dfcaf72022-02-14 10:55:58.681root 11241100x80000000000000002049407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:58.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.247582881ab587512022-02-14 10:55:58.682root 11241100x80000000000000002049408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:59.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c94680e31f9f81c2022-02-14 10:55:59.180root 11241100x80000000000000002049409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:59.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7046c717c3892c392022-02-14 10:55:59.180root 11241100x80000000000000002049410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:59.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5391d71e77ac2bc2022-02-14 10:55:59.180root 11241100x80000000000000002049411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:59.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4148260770c67472022-02-14 10:55:59.180root 11241100x80000000000000002049412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:59.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceaacfcd5e54905a2022-02-14 10:55:59.181root 11241100x80000000000000002049413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:59.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02f01d2770077cef2022-02-14 10:55:59.181root 11241100x80000000000000002049414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:59.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.468d165227b8a6af2022-02-14 10:55:59.181root 11241100x80000000000000002049415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:59.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fef5591c1a436742022-02-14 10:55:59.181root 11241100x80000000000000002049416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:59.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa7fdca9424bfeea2022-02-14 10:55:59.181root 11241100x80000000000000002049417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:59.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7311f329804d19f22022-02-14 10:55:59.181root 11241100x80000000000000002049418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:59.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.644611bcaa87b1ca2022-02-14 10:55:59.181root 11241100x80000000000000002049419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:59.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23533487ac94daca2022-02-14 10:55:59.181root 11241100x80000000000000002049420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:59.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10a2a2a8ba6e2b552022-02-14 10:55:59.182root 11241100x80000000000000002049421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:59.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03a02148e1d449fd2022-02-14 10:55:59.182root 11241100x80000000000000002049422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:59.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7888f1a6b1330e52022-02-14 10:55:59.182root 11241100x80000000000000002049423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:59.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69f049184091fb452022-02-14 10:55:59.182root 11241100x80000000000000002049424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:59.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f13ea5a28a28e692022-02-14 10:55:59.680root 11241100x80000000000000002049425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:59.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f3fd88d427ca0c42022-02-14 10:55:59.680root 11241100x80000000000000002049426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:59.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eb63c456e4252582022-02-14 10:55:59.680root 11241100x80000000000000002049427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:59.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0031b11af76fc8a02022-02-14 10:55:59.680root 11241100x80000000000000002049428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:59.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.681b7c41e7c054af2022-02-14 10:55:59.680root 11241100x80000000000000002049429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:59.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24a5e0cdaebb2f202022-02-14 10:55:59.680root 11241100x80000000000000002049430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:59.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cc99e7d20845c482022-02-14 10:55:59.681root 11241100x80000000000000002049431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:59.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.775f52aaa4b8547f2022-02-14 10:55:59.681root 11241100x80000000000000002049432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:59.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c669a96837f69912022-02-14 10:55:59.681root 11241100x80000000000000002049433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:59.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.855737e025cde19f2022-02-14 10:55:59.681root 11241100x80000000000000002049434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:59.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0820a987761b1152022-02-14 10:55:59.682root 11241100x80000000000000002049435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:59.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06048729ac98ec402022-02-14 10:55:59.682root 11241100x80000000000000002049436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:59.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6e22c722682808a2022-02-14 10:55:59.682root 11241100x80000000000000002049437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:59.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4748c30f89227a92022-02-14 10:55:59.683root 11241100x80000000000000002049438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:59.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96941c01914287ca2022-02-14 10:55:59.683root 11241100x80000000000000002049439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:55:59.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e36ae084a9b450782022-02-14 10:55:59.683root 11241100x80000000000000002049440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:00.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.939583066fe155812022-02-14 10:56:00.180root 11241100x80000000000000002049441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:00.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1ec356c719c8e892022-02-14 10:56:00.180root 11241100x80000000000000002049442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:00.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfa229965a0ffc7c2022-02-14 10:56:00.181root 11241100x80000000000000002049443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:00.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec26a8603dc821ab2022-02-14 10:56:00.181root 11241100x80000000000000002049444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:00.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e7613d59456ba592022-02-14 10:56:00.181root 11241100x80000000000000002049445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:00.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b4c5fcc52c1d8582022-02-14 10:56:00.181root 11241100x80000000000000002049446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:00.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c724e26e76d194132022-02-14 10:56:00.181root 11241100x80000000000000002049447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:00.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea427e35bb49d6362022-02-14 10:56:00.181root 11241100x80000000000000002049448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:00.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c1badf3fd5ae3ab2022-02-14 10:56:00.181root 11241100x80000000000000002049449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:00.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f83250cf4a7ce5732022-02-14 10:56:00.181root 11241100x80000000000000002049450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:00.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aea5f2ba1c6bbcd42022-02-14 10:56:00.181root 11241100x80000000000000002049451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:00.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac3db33cd29a155e2022-02-14 10:56:00.181root 11241100x80000000000000002049452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:00.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f00173729e24f1e2022-02-14 10:56:00.181root 11241100x80000000000000002049453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:00.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36554b624a59d26e2022-02-14 10:56:00.181root 11241100x80000000000000002049454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:00.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17a72e899c1488e82022-02-14 10:56:00.182root 11241100x80000000000000002049455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:00.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd955e5374a43f672022-02-14 10:56:00.182root 11241100x80000000000000002049456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:00.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53a43572de70c0df2022-02-14 10:56:00.680root 11241100x80000000000000002049457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:00.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.decdc01a4241ed2b2022-02-14 10:56:00.680root 11241100x80000000000000002049458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:00.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bae7db49c0991372022-02-14 10:56:00.680root 11241100x80000000000000002049459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:00.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c785692882aac672022-02-14 10:56:00.680root 11241100x80000000000000002049460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:00.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cca8c3567d69eb32022-02-14 10:56:00.680root 11241100x80000000000000002049461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:00.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8c22cafbc8091c22022-02-14 10:56:00.680root 11241100x80000000000000002049462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:00.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a59beb4c35d49962022-02-14 10:56:00.680root 11241100x80000000000000002049463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:00.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c78abbd8173204ca2022-02-14 10:56:00.681root 11241100x80000000000000002049464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:00.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6433c933f76fe8672022-02-14 10:56:00.681root 11241100x80000000000000002049465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:00.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.809464e1509ea5952022-02-14 10:56:00.681root 11241100x80000000000000002049466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:00.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.630afacce0dd05d52022-02-14 10:56:00.681root 11241100x80000000000000002049467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:00.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2255a6a8d0d16f742022-02-14 10:56:00.681root 11241100x80000000000000002049468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:00.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ff43d704b9ba3842022-02-14 10:56:00.681root 11241100x80000000000000002049469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:00.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22424b63caf6b5e02022-02-14 10:56:00.681root 11241100x80000000000000002049470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:00.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef235b0eed4e497a2022-02-14 10:56:00.681root 11241100x80000000000000002049471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:00.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.593cf6852fcd304c2022-02-14 10:56:00.682root 11241100x80000000000000002049472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:01.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a77a56ea4180fcd2022-02-14 10:56:01.180root 11241100x80000000000000002049473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:01.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1278ab371b002222022-02-14 10:56:01.180root 11241100x80000000000000002049474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:01.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d38cb8de9a1782282022-02-14 10:56:01.181root 11241100x80000000000000002049475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:01.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfe16d2135d503162022-02-14 10:56:01.181root 11241100x80000000000000002049476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:01.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69a257e8dfa6b8b02022-02-14 10:56:01.181root 11241100x80000000000000002049477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:01.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aea0060e779016632022-02-14 10:56:01.181root 11241100x80000000000000002049478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:01.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e928305b214d0052022-02-14 10:56:01.182root 11241100x80000000000000002049479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:01.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30431456e3c446cc2022-02-14 10:56:01.182root 11241100x80000000000000002049480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:01.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7cd5b94cb54c47d2022-02-14 10:56:01.182root 11241100x80000000000000002049481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:01.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecc2121f37c51a922022-02-14 10:56:01.182root 11241100x80000000000000002049482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:01.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02879e5ed7b5fd742022-02-14 10:56:01.182root 11241100x80000000000000002049483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:01.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eee3e549bd35eced2022-02-14 10:56:01.182root 11241100x80000000000000002049484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:01.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9add46889ed9da92022-02-14 10:56:01.183root 11241100x80000000000000002049485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:01.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c20e5d40b954beee2022-02-14 10:56:01.183root 11241100x80000000000000002049486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:01.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40d54524f0240ded2022-02-14 10:56:01.184root 11241100x80000000000000002049487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:01.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.446426aaacc25c232022-02-14 10:56:01.184root 354300x80000000000000002049488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:01.186{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54670-false10.0.1.12-8000- 11241100x80000000000000002049489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:01.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8a1b5bded4617782022-02-14 10:56:01.680root 11241100x80000000000000002049490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:01.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc26282b3c89803b2022-02-14 10:56:01.680root 11241100x80000000000000002049491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:01.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5f686100d9f0eaf2022-02-14 10:56:01.681root 11241100x80000000000000002049492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:01.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2967158003c9a4582022-02-14 10:56:01.681root 11241100x80000000000000002049493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:01.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d329750d41c53072022-02-14 10:56:01.681root 11241100x80000000000000002049494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:01.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c1e06a42d1dc7772022-02-14 10:56:01.681root 11241100x80000000000000002049495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:01.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1697d0a46abf0b742022-02-14 10:56:01.681root 11241100x80000000000000002049496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:01.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7444df7e9aab0e2d2022-02-14 10:56:01.681root 11241100x80000000000000002049497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:01.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2377453c8d3e1e642022-02-14 10:56:01.681root 11241100x80000000000000002049498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:01.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.282b3b31d0df63472022-02-14 10:56:01.681root 11241100x80000000000000002049499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:01.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2de69a5a6118bb62022-02-14 10:56:01.681root 11241100x80000000000000002049500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:01.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a425f85ad983638a2022-02-14 10:56:01.682root 11241100x80000000000000002049501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:01.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2c06bec32dff3c62022-02-14 10:56:01.682root 11241100x80000000000000002049502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:01.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92ce9103a5bf4f5d2022-02-14 10:56:01.682root 11241100x80000000000000002049503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:01.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4f66703faf1b4cb2022-02-14 10:56:01.682root 11241100x80000000000000002049504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:01.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a37e735e956fb6b2022-02-14 10:56:01.682root 11241100x80000000000000002049505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:01.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29faa7cb5c00db562022-02-14 10:56:01.682root 11241100x80000000000000002049506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:02.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a145aeb4adffd372022-02-14 10:56:02.180root 11241100x80000000000000002049507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:02.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a01eaf844782d2ad2022-02-14 10:56:02.180root 11241100x80000000000000002049508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:02.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c619cc9849804a02022-02-14 10:56:02.180root 11241100x80000000000000002049509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:02.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.608eaedf4e1bb0292022-02-14 10:56:02.180root 11241100x80000000000000002049510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:02.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57c2a224c5e18d852022-02-14 10:56:02.180root 11241100x80000000000000002049511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:02.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc669129018c31472022-02-14 10:56:02.180root 11241100x80000000000000002049512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:02.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.249c53078c26d02f2022-02-14 10:56:02.180root 11241100x80000000000000002049513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:02.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e649985c5a78d2b02022-02-14 10:56:02.180root 11241100x80000000000000002049514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:02.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86501139f453fe352022-02-14 10:56:02.180root 11241100x80000000000000002049515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:02.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81009708eef1685e2022-02-14 10:56:02.180root 11241100x80000000000000002049516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:02.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1422ebe34cb8968f2022-02-14 10:56:02.181root 11241100x80000000000000002049517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:02.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.315d2826889fc70d2022-02-14 10:56:02.181root 11241100x80000000000000002049518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:02.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c377de9dd252e902022-02-14 10:56:02.181root 11241100x80000000000000002049519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:02.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a00f4d7de2a8f1912022-02-14 10:56:02.181root 11241100x80000000000000002049520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:02.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01391fc19285baae2022-02-14 10:56:02.181root 11241100x80000000000000002049521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:02.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f25cc42d09e87e992022-02-14 10:56:02.181root 11241100x80000000000000002049522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:02.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0a00bfb675566cb2022-02-14 10:56:02.181root 11241100x80000000000000002049523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:02.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd5548af2b8952002022-02-14 10:56:02.680root 11241100x80000000000000002049524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:02.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e2e3ad20cdfd6452022-02-14 10:56:02.680root 11241100x80000000000000002049525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:02.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93ea87095f3ffcbb2022-02-14 10:56:02.680root 11241100x80000000000000002049526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:02.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.375f9e4403c15d862022-02-14 10:56:02.681root 11241100x80000000000000002049527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:02.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be4a869f62886f1d2022-02-14 10:56:02.681root 11241100x80000000000000002049528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:02.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7530eb63452e27a2022-02-14 10:56:02.681root 11241100x80000000000000002049529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:02.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60624d6963a9e7a32022-02-14 10:56:02.681root 11241100x80000000000000002049530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:02.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10d08b4a7e210a362022-02-14 10:56:02.681root 11241100x80000000000000002049531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:02.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aa14b11674bbb152022-02-14 10:56:02.681root 11241100x80000000000000002049532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:02.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4b55f293ec025f72022-02-14 10:56:02.681root 11241100x80000000000000002049533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:02.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2433bbc54add61802022-02-14 10:56:02.681root 11241100x80000000000000002049534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:02.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d505aff404f4ad4c2022-02-14 10:56:02.681root 11241100x80000000000000002049535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:02.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e138c186636e3bcb2022-02-14 10:56:02.681root 11241100x80000000000000002049536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:02.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cea24a74333a5a962022-02-14 10:56:02.681root 11241100x80000000000000002049537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:02.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c29704d5bb648b932022-02-14 10:56:02.681root 11241100x80000000000000002049538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:02.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25b6fe4e547608f42022-02-14 10:56:02.681root 11241100x80000000000000002049539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:02.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5f81438ccee34192022-02-14 10:56:02.682root 11241100x80000000000000002049540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:03.179{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.910169d8d1ada12a2022-02-14 10:56:03.179root 11241100x80000000000000002049541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:03.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0278e1d1ec89c73c2022-02-14 10:56:03.180root 11241100x80000000000000002049542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:03.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d60cb324b27d52e2022-02-14 10:56:03.180root 11241100x80000000000000002049543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:03.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e410cf9c7a1377f2022-02-14 10:56:03.180root 11241100x80000000000000002049544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:03.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfaea4631da28da52022-02-14 10:56:03.180root 11241100x80000000000000002049545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:03.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6acdcf3362623622022-02-14 10:56:03.180root 11241100x80000000000000002049546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:03.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b204b27efbc636a2022-02-14 10:56:03.180root 11241100x80000000000000002049547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:03.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.749e8f2a33642f932022-02-14 10:56:03.180root 11241100x80000000000000002049548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:03.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.540f56ab6aeaa6382022-02-14 10:56:03.181root 11241100x80000000000000002049549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:03.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e914674deb9aa432022-02-14 10:56:03.181root 11241100x80000000000000002049550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:03.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54362384cfb31f3e2022-02-14 10:56:03.182root 11241100x80000000000000002049551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:03.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c288767954c19b492022-02-14 10:56:03.182root 11241100x80000000000000002049552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:03.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d02246c8c83218962022-02-14 10:56:03.182root 11241100x80000000000000002049553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:03.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41e13644aa72f9452022-02-14 10:56:03.182root 11241100x80000000000000002049554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:03.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f236d483e0049bfa2022-02-14 10:56:03.182root 11241100x80000000000000002049555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:03.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.864f9686cc03c3dd2022-02-14 10:56:03.182root 11241100x80000000000000002049556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:03.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b707cb7621eb2c42022-02-14 10:56:03.182root 11241100x80000000000000002049557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:03.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93007cc4aa5503ec2022-02-14 10:56:03.182root 11241100x80000000000000002049558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:03.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed32a68dec0c71d62022-02-14 10:56:03.183root 11241100x80000000000000002049559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:03.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ec93ff3775d9bf42022-02-14 10:56:03.183root 11241100x80000000000000002049560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:03.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a127777dcf92ee92022-02-14 10:56:03.183root 11241100x80000000000000002049561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:03.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e274b7278f89e32c2022-02-14 10:56:03.183root 11241100x80000000000000002049562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:03.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9299a3411682da562022-02-14 10:56:03.183root 11241100x80000000000000002049563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:03.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbd6e32b636938042022-02-14 10:56:03.183root 11241100x80000000000000002049564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:03.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51b039b92673e89a2022-02-14 10:56:03.680root 11241100x80000000000000002049565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:03.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.595a426bd3757e792022-02-14 10:56:03.680root 11241100x80000000000000002049566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:03.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56fba22e69c9491f2022-02-14 10:56:03.680root 11241100x80000000000000002049567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:03.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce23a80f06fa4e152022-02-14 10:56:03.680root 11241100x80000000000000002049568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:03.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6be732e68139128c2022-02-14 10:56:03.680root 11241100x80000000000000002049569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:03.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c08bbbe7354322e2022-02-14 10:56:03.680root 11241100x80000000000000002049570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:03.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89bcd16ca34aff3a2022-02-14 10:56:03.680root 11241100x80000000000000002049571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:03.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d1323b555fd50b92022-02-14 10:56:03.681root 11241100x80000000000000002049572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:03.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d7cb3c0db0734702022-02-14 10:56:03.681root 11241100x80000000000000002049573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:03.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ef0a13717065db42022-02-14 10:56:03.681root 11241100x80000000000000002049574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:03.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.587e2dd0a15aaa872022-02-14 10:56:03.682root 11241100x80000000000000002049575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:03.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa928d05d30fa5af2022-02-14 10:56:03.682root 11241100x80000000000000002049576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:03.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88378f4be3633baa2022-02-14 10:56:03.682root 11241100x80000000000000002049577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:03.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e4932609f80c3fa2022-02-14 10:56:03.682root 11241100x80000000000000002049578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:03.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e76e838d224479bd2022-02-14 10:56:03.682root 11241100x80000000000000002049579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:03.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69a17d159b2005c32022-02-14 10:56:03.682root 11241100x80000000000000002049580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:03.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdc9328c5ae7ec952022-02-14 10:56:03.682root 11241100x80000000000000002049581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:04.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63e236d2e4ae62a82022-02-14 10:56:04.180root 11241100x80000000000000002049582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:04.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b133743cb502f332022-02-14 10:56:04.180root 11241100x80000000000000002049583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:04.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf37589a3e5da1682022-02-14 10:56:04.180root 11241100x80000000000000002049584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:04.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.374e99ac684544502022-02-14 10:56:04.180root 11241100x80000000000000002049585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:04.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d224f59cc4c82652022-02-14 10:56:04.180root 11241100x80000000000000002049586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:04.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c349a16e5349ed02022-02-14 10:56:04.181root 11241100x80000000000000002049587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:04.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.324c201196c7924f2022-02-14 10:56:04.181root 11241100x80000000000000002049588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:04.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0623678a3b9eccf32022-02-14 10:56:04.181root 11241100x80000000000000002049589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:04.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f8d916897d907c42022-02-14 10:56:04.181root 11241100x80000000000000002049590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:04.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcb90d8f701ee4532022-02-14 10:56:04.181root 11241100x80000000000000002049591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:04.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3548b6f65671491d2022-02-14 10:56:04.181root 11241100x80000000000000002049592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:04.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e223d9cc635364e2022-02-14 10:56:04.181root 11241100x80000000000000002049593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:04.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40868c8a1e70d77b2022-02-14 10:56:04.181root 11241100x80000000000000002049594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:04.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6c659f0128c23632022-02-14 10:56:04.181root 11241100x80000000000000002049595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:04.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf0d4e684d6ecadb2022-02-14 10:56:04.181root 11241100x80000000000000002049596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:04.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18be9983b7095b342022-02-14 10:56:04.181root 11241100x80000000000000002049597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:04.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bba790d83aac2c982022-02-14 10:56:04.181root 11241100x80000000000000002049598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:04.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.247395d57cb0e6092022-02-14 10:56:04.680root 11241100x80000000000000002049599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:04.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.892035fa30ae70262022-02-14 10:56:04.680root 11241100x80000000000000002049600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:04.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8c338640e07a8502022-02-14 10:56:04.680root 11241100x80000000000000002049601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:04.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.526f8df9a5b394bb2022-02-14 10:56:04.680root 11241100x80000000000000002049602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:04.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5470e89658cf15f2022-02-14 10:56:04.681root 11241100x80000000000000002049603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:04.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0c32a029b0135522022-02-14 10:56:04.681root 11241100x80000000000000002049604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:04.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a5dd6577f86db3a2022-02-14 10:56:04.681root 11241100x80000000000000002049605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:04.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33be3a03cb9a16b12022-02-14 10:56:04.681root 11241100x80000000000000002049606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:04.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23386e42865e73012022-02-14 10:56:04.681root 11241100x80000000000000002049607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:04.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29303dff514be1a82022-02-14 10:56:04.681root 11241100x80000000000000002049608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:04.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f57c1d965fb89602022-02-14 10:56:04.681root 11241100x80000000000000002049609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:04.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17e3a278a445fdcf2022-02-14 10:56:04.682root 11241100x80000000000000002049610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:04.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83b4bf1105094d122022-02-14 10:56:04.682root 11241100x80000000000000002049611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:04.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d346af3cf20ceb62022-02-14 10:56:04.682root 11241100x80000000000000002049612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:04.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d47bf9dd429ad9d2022-02-14 10:56:04.682root 11241100x80000000000000002049613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:04.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d3db7922186f12e2022-02-14 10:56:04.682root 11241100x80000000000000002049614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:04.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d9abf22c34ec36c2022-02-14 10:56:04.682root 11241100x80000000000000002049615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:05.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.995debe2eb00507f2022-02-14 10:56:05.180root 11241100x80000000000000002049616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:05.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b0c6e46b36b38782022-02-14 10:56:05.180root 11241100x80000000000000002049617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:05.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0e6699eec4df9912022-02-14 10:56:05.181root 11241100x80000000000000002049618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:05.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dddb16bfa347f2102022-02-14 10:56:05.181root 11241100x80000000000000002049619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:05.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0209887e61f779092022-02-14 10:56:05.181root 11241100x80000000000000002049620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:05.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.391f34a45f72017a2022-02-14 10:56:05.181root 11241100x80000000000000002049621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:05.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2b71d32c9127b122022-02-14 10:56:05.181root 11241100x80000000000000002049622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:05.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7cbc469cb3eb2232022-02-14 10:56:05.181root 11241100x80000000000000002049623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:05.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96140e03b310dd662022-02-14 10:56:05.182root 11241100x80000000000000002049624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:05.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97347b260cdcd1ee2022-02-14 10:56:05.182root 11241100x80000000000000002049625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:05.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccde2937d825f7d52022-02-14 10:56:05.182root 11241100x80000000000000002049626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:05.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7a72faa601fd5e12022-02-14 10:56:05.182root 11241100x80000000000000002049627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:05.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06150edca43abde22022-02-14 10:56:05.182root 11241100x80000000000000002049628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:05.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66c42312de031a852022-02-14 10:56:05.182root 11241100x80000000000000002049629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:05.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c5660cf512cd7282022-02-14 10:56:05.182root 11241100x80000000000000002049630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:05.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77a8bbb0afb6488d2022-02-14 10:56:05.182root 11241100x80000000000000002049631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:05.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15045d8d8d68a9752022-02-14 10:56:05.182root 11241100x80000000000000002049632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:05.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44bb28caedc1aca22022-02-14 10:56:05.680root 11241100x80000000000000002049633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:05.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75e18450b486286c2022-02-14 10:56:05.680root 11241100x80000000000000002049634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:05.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18038e9226f9cbf52022-02-14 10:56:05.680root 11241100x80000000000000002049635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:05.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74eef2caeecec7be2022-02-14 10:56:05.680root 11241100x80000000000000002049636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:05.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee3c294e01951b772022-02-14 10:56:05.680root 11241100x80000000000000002049637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:05.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45990be03fe803902022-02-14 10:56:05.681root 11241100x80000000000000002049638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:05.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65f20197b217e9de2022-02-14 10:56:05.681root 11241100x80000000000000002049639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:05.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25e86456ebcee3cd2022-02-14 10:56:05.681root 11241100x80000000000000002049640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:05.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16935e4ccc3c99542022-02-14 10:56:05.681root 11241100x80000000000000002049641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:05.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34409292f71ca4552022-02-14 10:56:05.681root 11241100x80000000000000002049642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:05.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a442882f8f427b8e2022-02-14 10:56:05.681root 11241100x80000000000000002049643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:05.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bf92f6ba46643aa2022-02-14 10:56:05.682root 11241100x80000000000000002049644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:05.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64d0757a51aa1d2a2022-02-14 10:56:05.682root 11241100x80000000000000002049645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:05.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c5b57a3b2d750db2022-02-14 10:56:05.682root 11241100x80000000000000002049646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:05.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b88dd4ef3e1a2c7d2022-02-14 10:56:05.682root 11241100x80000000000000002049647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:05.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fde12ba91549e262022-02-14 10:56:05.682root 11241100x80000000000000002049648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:05.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57b91a60de0d89632022-02-14 10:56:05.682root 11241100x80000000000000002049649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:06.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90f9a208df1446a92022-02-14 10:56:06.180root 11241100x80000000000000002049650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:06.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e9ec1d8e3a8aa062022-02-14 10:56:06.180root 11241100x80000000000000002049651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:06.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4c634ae9db649292022-02-14 10:56:06.180root 11241100x80000000000000002049652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:06.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9c6d7fe4c1a76a92022-02-14 10:56:06.180root 11241100x80000000000000002049653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:06.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0c592a86ddf18832022-02-14 10:56:06.180root 11241100x80000000000000002049654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:06.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1337033368f727182022-02-14 10:56:06.181root 11241100x80000000000000002049655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:06.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a6d7c6529e948f92022-02-14 10:56:06.181root 11241100x80000000000000002049656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:06.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5796d0c7b7eea1222022-02-14 10:56:06.181root 11241100x80000000000000002049657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:06.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a024a252b4949b6c2022-02-14 10:56:06.181root 11241100x80000000000000002049658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:06.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.103b2d599aeebf012022-02-14 10:56:06.182root 11241100x80000000000000002049659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:06.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42f45bc948042a482022-02-14 10:56:06.182root 11241100x80000000000000002049660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:06.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86d7a1b6edcbb9022022-02-14 10:56:06.182root 11241100x80000000000000002049661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:06.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceb82aae921074522022-02-14 10:56:06.184root 11241100x80000000000000002049662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:06.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf47a18309a886f52022-02-14 10:56:06.184root 11241100x80000000000000002049663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:06.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deab773b57d473742022-02-14 10:56:06.184root 11241100x80000000000000002049664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:06.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b076802e81e3a702022-02-14 10:56:06.185root 11241100x80000000000000002049665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:06.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e8e3496d290de122022-02-14 10:56:06.186root 11241100x80000000000000002049666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:06.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21ae2f029ec5eccf2022-02-14 10:56:06.186root 11241100x80000000000000002049667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:06.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ed05b27251eef6c2022-02-14 10:56:06.680root 11241100x80000000000000002049668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:06.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56738a22032d35d22022-02-14 10:56:06.680root 11241100x80000000000000002049669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:06.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50ba153cc54041682022-02-14 10:56:06.681root 11241100x80000000000000002049670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:06.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15832a9b705375a22022-02-14 10:56:06.681root 11241100x80000000000000002049671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:06.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a844ba25905187a42022-02-14 10:56:06.681root 11241100x80000000000000002049672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:06.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcf611c89d085bb92022-02-14 10:56:06.681root 11241100x80000000000000002049673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:06.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ebe1ee46f8394132022-02-14 10:56:06.681root 11241100x80000000000000002049674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:06.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a429969acdd349232022-02-14 10:56:06.681root 11241100x80000000000000002049675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:06.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.639dae62c6d23a6b2022-02-14 10:56:06.682root 11241100x80000000000000002049676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:06.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.096e3ebc4f86fc3b2022-02-14 10:56:06.682root 11241100x80000000000000002049677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:06.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a217a169fd0943442022-02-14 10:56:06.682root 11241100x80000000000000002049678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:06.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.562c84bc9f8340042022-02-14 10:56:06.682root 11241100x80000000000000002049679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:06.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79e5a0812091aa3f2022-02-14 10:56:06.683root 11241100x80000000000000002049680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:06.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48dc4379d74fa3732022-02-14 10:56:06.683root 11241100x80000000000000002049681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:06.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a0ffbb09de4c6172022-02-14 10:56:06.683root 11241100x80000000000000002049682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:06.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f62e9235f82eb472022-02-14 10:56:06.683root 11241100x80000000000000002049683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:06.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c22b880217af3d72022-02-14 10:56:06.684root 354300x80000000000000002049684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:07.062{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54672-false10.0.1.12-8000- 11241100x80000000000000002049685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:07.063{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f3e298464aaef4c2022-02-14 10:56:07.063root 11241100x80000000000000002049686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:07.063{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db65e7a8e93738c12022-02-14 10:56:07.063root 11241100x80000000000000002049687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:07.064{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6293e14779cb81272022-02-14 10:56:07.064root 11241100x80000000000000002049688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:07.064{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1c044cae859cb2f2022-02-14 10:56:07.064root 11241100x80000000000000002049689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:07.064{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96ce0f1e7ae4618d2022-02-14 10:56:07.064root 11241100x80000000000000002049690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:07.065{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95e6f1dacc531d672022-02-14 10:56:07.065root 11241100x80000000000000002049691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:07.065{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91e4db6d3fe2f9852022-02-14 10:56:07.065root 11241100x80000000000000002049692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:07.065{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.165a982469571bef2022-02-14 10:56:07.065root 11241100x80000000000000002049693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:07.065{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.991403ec25442bd52022-02-14 10:56:07.065root 11241100x80000000000000002049694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:07.065{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf982db6bf3483622022-02-14 10:56:07.065root 11241100x80000000000000002049695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:07.065{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba6c765f6ef776e72022-02-14 10:56:07.065root 11241100x80000000000000002049696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:07.065{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b261c2692ec4ef1a2022-02-14 10:56:07.065root 11241100x80000000000000002049697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:07.065{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9573be5f5be217b32022-02-14 10:56:07.065root 11241100x80000000000000002049698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:07.065{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfdf82491a793b4e2022-02-14 10:56:07.065root 11241100x80000000000000002049699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:07.065{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fa153fafc7b96862022-02-14 10:56:07.065root 11241100x80000000000000002049700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:07.065{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa0fde4c546714522022-02-14 10:56:07.065root 11241100x80000000000000002049701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:07.066{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddbd28a763f99c792022-02-14 10:56:07.066root 11241100x80000000000000002049702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:07.066{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2773bfc2b2e8f79a2022-02-14 10:56:07.066root 11241100x80000000000000002049703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:07.066{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42142cd8875437842022-02-14 10:56:07.066root 11241100x80000000000000002049704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:07.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af7bedeb222a729e2022-02-14 10:56:07.430root 11241100x80000000000000002049705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:07.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8febf17febba48982022-02-14 10:56:07.430root 11241100x80000000000000002049706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:07.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f89465d4d3fb995b2022-02-14 10:56:07.430root 11241100x80000000000000002049707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:07.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06f8f159ac02dfdf2022-02-14 10:56:07.430root 11241100x80000000000000002049708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:07.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7f646a7499211092022-02-14 10:56:07.430root 11241100x80000000000000002049709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:07.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d832b6f219ff8ac42022-02-14 10:56:07.430root 11241100x80000000000000002049710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:07.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99d1a2bc22694fc82022-02-14 10:56:07.430root 11241100x80000000000000002049711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:07.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1192378278c056a2022-02-14 10:56:07.431root 11241100x80000000000000002049712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:07.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82c69dcd867c57742022-02-14 10:56:07.431root 11241100x80000000000000002049713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:07.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0af9b53d8d583332022-02-14 10:56:07.431root 11241100x80000000000000002049714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:07.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90405edcedb504cb2022-02-14 10:56:07.431root 11241100x80000000000000002049715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:07.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09c12515ab7f541e2022-02-14 10:56:07.431root 11241100x80000000000000002049716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:07.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92032c6af891453f2022-02-14 10:56:07.431root 11241100x80000000000000002049717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:07.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff349c93d876792f2022-02-14 10:56:07.431root 11241100x80000000000000002049718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:07.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81e7f3f2f1556a992022-02-14 10:56:07.431root 11241100x80000000000000002049719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:07.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da02377fb0a2de312022-02-14 10:56:07.431root 11241100x80000000000000002049720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:07.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94736d62bc9debaa2022-02-14 10:56:07.431root 11241100x80000000000000002049721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:07.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efc3b66fdea8e6bb2022-02-14 10:56:07.432root 11241100x80000000000000002049722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:07.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1d47ef4d8747dd52022-02-14 10:56:07.930root 11241100x80000000000000002049723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:07.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7038120f7a4fb2712022-02-14 10:56:07.930root 11241100x80000000000000002049724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:07.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ccc7069bdb90f802022-02-14 10:56:07.930root 11241100x80000000000000002049725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:07.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf8018de233183ca2022-02-14 10:56:07.931root 11241100x80000000000000002049726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:07.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.197a5e394e68a7312022-02-14 10:56:07.931root 11241100x80000000000000002049727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:07.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc641bf8092132412022-02-14 10:56:07.931root 11241100x80000000000000002049728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:07.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82e055f98bb1d9f32022-02-14 10:56:07.932root 11241100x80000000000000002049729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:07.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd985297b5ce20182022-02-14 10:56:07.932root 11241100x80000000000000002049730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:07.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85eedb681556d3932022-02-14 10:56:07.932root 11241100x80000000000000002049731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:07.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a32720dd2b3655242022-02-14 10:56:07.932root 11241100x80000000000000002049732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:07.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4950c028ac2df8172022-02-14 10:56:07.933root 11241100x80000000000000002049733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:07.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f1a27e355918e932022-02-14 10:56:07.933root 11241100x80000000000000002049734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:07.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2208284fb365b4ba2022-02-14 10:56:07.933root 11241100x80000000000000002049735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:07.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94dd3ba4503c196d2022-02-14 10:56:07.933root 11241100x80000000000000002049736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:07.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39af2aabdf342ca42022-02-14 10:56:07.933root 11241100x80000000000000002049737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:07.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76c6004b17d941fb2022-02-14 10:56:07.933root 11241100x80000000000000002049738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:07.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d886ef15b677abc62022-02-14 10:56:07.934root 11241100x80000000000000002049739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:07.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e58ce943bbbd8132022-02-14 10:56:07.934root 11241100x80000000000000002049740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:08.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c68f90c744e7f7d02022-02-14 10:56:08.430root 11241100x80000000000000002049741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:08.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bb00482b773d45a2022-02-14 10:56:08.430root 11241100x80000000000000002049742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:08.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e356426013f9f1c2022-02-14 10:56:08.430root 11241100x80000000000000002049743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:08.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dfd0aa90fa4e7d62022-02-14 10:56:08.430root 11241100x80000000000000002049744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:08.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86088df25c7e8f8d2022-02-14 10:56:08.430root 11241100x80000000000000002049745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:08.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f93b5ce8133902a2022-02-14 10:56:08.431root 11241100x80000000000000002049746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:08.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f3fe14c5dafd50a2022-02-14 10:56:08.431root 11241100x80000000000000002049747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:08.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d636043dffc0f8f2022-02-14 10:56:08.431root 11241100x80000000000000002049748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:08.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e720adbf325514ab2022-02-14 10:56:08.431root 11241100x80000000000000002049749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:08.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59a96c40305a41522022-02-14 10:56:08.431root 11241100x80000000000000002049750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:08.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29fdfde979dc94ed2022-02-14 10:56:08.431root 11241100x80000000000000002049751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:08.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d598c71e1b9c48082022-02-14 10:56:08.431root 11241100x80000000000000002049752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:08.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d48c61cb771a61b62022-02-14 10:56:08.431root 11241100x80000000000000002049753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:08.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d7479e807c506ce2022-02-14 10:56:08.431root 11241100x80000000000000002049754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:08.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43558cbc8ac5224f2022-02-14 10:56:08.431root 11241100x80000000000000002049755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:08.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7c61caa56d69b2c2022-02-14 10:56:08.431root 11241100x80000000000000002049756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:08.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ead402e5b25dbe52022-02-14 10:56:08.431root 11241100x80000000000000002049757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:08.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.874826ddbe55ed112022-02-14 10:56:08.431root 11241100x80000000000000002049758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:08.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd2047c032333ef62022-02-14 10:56:08.930root 11241100x80000000000000002049759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:08.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d2c09873905d7f52022-02-14 10:56:08.930root 11241100x80000000000000002049760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:08.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e3e8671fd0991462022-02-14 10:56:08.930root 11241100x80000000000000002049761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:08.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de44b95bc7ba8e582022-02-14 10:56:08.930root 11241100x80000000000000002049762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:08.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74fb30db59bc5a232022-02-14 10:56:08.931root 11241100x80000000000000002049763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:08.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38157e9d3972579a2022-02-14 10:56:08.931root 11241100x80000000000000002049764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:08.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af44d0b1f7b5b4ab2022-02-14 10:56:08.931root 11241100x80000000000000002049765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:08.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97728316de8f5e622022-02-14 10:56:08.931root 11241100x80000000000000002049766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:08.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edf50b05ec7878f92022-02-14 10:56:08.931root 11241100x80000000000000002049767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:08.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49c6b5514ece3bdf2022-02-14 10:56:08.931root 11241100x80000000000000002049768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:08.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c981a0ed6276190a2022-02-14 10:56:08.931root 11241100x80000000000000002049769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:08.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5db11ef2dd333ec92022-02-14 10:56:08.931root 11241100x80000000000000002049770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:08.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48fee232faec92fe2022-02-14 10:56:08.931root 11241100x80000000000000002049771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:08.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce84ac75c648a7fa2022-02-14 10:56:08.932root 11241100x80000000000000002049772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:08.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61427de281f789812022-02-14 10:56:08.932root 11241100x80000000000000002049773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:08.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bbc7d74cd3a07292022-02-14 10:56:08.932root 11241100x80000000000000002049774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:08.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df27fa6397de22032022-02-14 10:56:08.932root 11241100x80000000000000002049775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:08.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39574df4f245f1e82022-02-14 10:56:08.932root 11241100x80000000000000002049776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:09.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9862b7f3ede085a02022-02-14 10:56:09.430root 11241100x80000000000000002049777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:09.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8638975ec8bdb0f42022-02-14 10:56:09.430root 11241100x80000000000000002049778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:09.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7830ef24807114752022-02-14 10:56:09.430root 11241100x80000000000000002049779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:09.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ace61741e4d793132022-02-14 10:56:09.431root 11241100x80000000000000002049780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:09.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab0a36e4e7e7ef842022-02-14 10:56:09.431root 11241100x80000000000000002049781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:09.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8bf63ffc70e61f32022-02-14 10:56:09.431root 11241100x80000000000000002049782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:09.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f35a5905441aa0fd2022-02-14 10:56:09.431root 11241100x80000000000000002049783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:09.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c19bab97368cf87f2022-02-14 10:56:09.431root 11241100x80000000000000002049784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:09.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c5a7b6a633ea1672022-02-14 10:56:09.431root 11241100x80000000000000002049785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:09.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63253664b1453ad32022-02-14 10:56:09.431root 11241100x80000000000000002049786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:09.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bb39bf2f0d69f2b2022-02-14 10:56:09.431root 11241100x80000000000000002049787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:09.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6f04e380a5a748a2022-02-14 10:56:09.431root 11241100x80000000000000002049788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:09.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65864dda27f91dfb2022-02-14 10:56:09.431root 11241100x80000000000000002049789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:09.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b95628509ca54b5e2022-02-14 10:56:09.431root 11241100x80000000000000002049790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:09.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c6e78d81b12b3862022-02-14 10:56:09.432root 11241100x80000000000000002049791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:09.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bf23da2cef694ab2022-02-14 10:56:09.432root 11241100x80000000000000002049792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:09.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcc58ef3795db6842022-02-14 10:56:09.432root 11241100x80000000000000002049793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:09.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6172a2f079182bbd2022-02-14 10:56:09.432root 11241100x80000000000000002049794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:09.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2937d9725a9b593a2022-02-14 10:56:09.930root 11241100x80000000000000002049795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:09.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5dc4ecf01ccfd8f2022-02-14 10:56:09.931root 11241100x80000000000000002049796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:09.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d296963b3fedcd6f2022-02-14 10:56:09.931root 11241100x80000000000000002049797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:09.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df40c6ca95bea8d72022-02-14 10:56:09.931root 11241100x80000000000000002049798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:09.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff64138b602a9dd52022-02-14 10:56:09.931root 11241100x80000000000000002049799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:09.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2ffd0112228402f2022-02-14 10:56:09.931root 11241100x80000000000000002049800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:09.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30a7830b9c1d83692022-02-14 10:56:09.931root 11241100x80000000000000002049801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:09.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75b04f662cb6056e2022-02-14 10:56:09.932root 11241100x80000000000000002049802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:09.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25ebb5c2927f6bc22022-02-14 10:56:09.932root 11241100x80000000000000002049803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:09.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c9c2e2c8b2cface2022-02-14 10:56:09.932root 11241100x80000000000000002049804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:09.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4071ff96214214072022-02-14 10:56:09.932root 11241100x80000000000000002049805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:09.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ed0fe653e0ff29d2022-02-14 10:56:09.932root 11241100x80000000000000002049806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:09.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eae9fe3bd3a68a42022-02-14 10:56:09.932root 11241100x80000000000000002049807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:09.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.420819fd18f1303b2022-02-14 10:56:09.932root 11241100x80000000000000002049808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:09.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e157a0d6f3f38ab2022-02-14 10:56:09.932root 11241100x80000000000000002049809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:09.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7308ae345b0015022022-02-14 10:56:09.932root 11241100x80000000000000002049810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:09.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.073d188ac1821dfe2022-02-14 10:56:09.932root 11241100x80000000000000002049811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:09.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18180c8985fa1ef52022-02-14 10:56:09.932root 11241100x80000000000000002049812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:10.015{ec2ab09f-1002-620a-3078-922c7d550000}1328/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2022-02-14 10:56:10.015root 11241100x80000000000000002049813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:10.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.723442e9374d46f02022-02-14 10:56:10.430root 11241100x80000000000000002049814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:10.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a948aa1174f356f72022-02-14 10:56:10.430root 11241100x80000000000000002049815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:10.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c661648563ab4a322022-02-14 10:56:10.430root 11241100x80000000000000002049816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:10.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12bd81135b3d86b12022-02-14 10:56:10.430root 11241100x80000000000000002049817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:10.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f22522ae54052bd2022-02-14 10:56:10.430root 11241100x80000000000000002049818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:10.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20f111b41fd198252022-02-14 10:56:10.430root 11241100x80000000000000002049819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:10.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.211253acff99ac4d2022-02-14 10:56:10.430root 11241100x80000000000000002049820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:10.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.511439a111b535ff2022-02-14 10:56:10.430root 11241100x80000000000000002049821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:10.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f3348940ec2dcd42022-02-14 10:56:10.431root 11241100x80000000000000002049822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:10.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa3b31d5b28581282022-02-14 10:56:10.431root 11241100x80000000000000002049823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:10.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c24c22b95c4862752022-02-14 10:56:10.431root 11241100x80000000000000002049824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:10.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.038a2f399ddaba4d2022-02-14 10:56:10.431root 11241100x80000000000000002049825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:10.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdae247f4e6c81a52022-02-14 10:56:10.431root 11241100x80000000000000002049826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:10.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2eda739b7590fc02022-02-14 10:56:10.431root 11241100x80000000000000002049827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:10.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2d38df31db9eebf2022-02-14 10:56:10.431root 11241100x80000000000000002049828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:10.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb90d09843b69f9a2022-02-14 10:56:10.432root 11241100x80000000000000002049829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:10.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bd678cf0f9228f22022-02-14 10:56:10.432root 11241100x80000000000000002049830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:10.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fa802446429ed662022-02-14 10:56:10.432root 11241100x80000000000000002049831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:10.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6275d2d155bbd252022-02-14 10:56:10.432root 11241100x80000000000000002049832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:10.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0dbbe63a30767712022-02-14 10:56:10.930root 11241100x80000000000000002049833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:10.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.801782be024cd6772022-02-14 10:56:10.931root 11241100x80000000000000002049834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:10.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bfc08e8b97ba88c2022-02-14 10:56:10.931root 11241100x80000000000000002049835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:10.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09927e9a889b32c82022-02-14 10:56:10.931root 11241100x80000000000000002049836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:10.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d26aa963c461c6b32022-02-14 10:56:10.931root 11241100x80000000000000002049837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:10.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2fd0ba0ba375e0d2022-02-14 10:56:10.931root 11241100x80000000000000002049838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:10.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be61b59437fb1af22022-02-14 10:56:10.931root 11241100x80000000000000002049839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:10.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aee5476fe598180d2022-02-14 10:56:10.932root 11241100x80000000000000002049840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:10.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12c3095c078a34d32022-02-14 10:56:10.932root 11241100x80000000000000002049841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:10.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a316a0e91df3b0172022-02-14 10:56:10.932root 11241100x80000000000000002049842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:10.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cffff4ad22f7c54d2022-02-14 10:56:10.932root 11241100x80000000000000002049843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:10.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdfe56336958e6f22022-02-14 10:56:10.932root 11241100x80000000000000002049844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:10.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92309cc357ea1bfe2022-02-14 10:56:10.932root 11241100x80000000000000002049845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:10.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a9d23d53c7b73f02022-02-14 10:56:10.932root 11241100x80000000000000002049846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:10.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ac57c031bc9b72e2022-02-14 10:56:10.932root 11241100x80000000000000002049847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:10.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acd941973d23f9532022-02-14 10:56:10.932root 11241100x80000000000000002049848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:10.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e273972532d596992022-02-14 10:56:10.932root 11241100x80000000000000002049849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:10.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.097db664067199db2022-02-14 10:56:10.933root 11241100x80000000000000002049850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:10.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ebb5965be5e99b42022-02-14 10:56:10.933root 354300x80000000000000002049851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:11.083{ec2ab09f-1002-620a-3078-922c7d550000}1328/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.20-58162-false10.0.1.12-8089- 11241100x80000000000000002049852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:11.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.668d02bc22c395e72022-02-14 10:56:11.430root 11241100x80000000000000002049853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:11.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b26d24ac3676c6382022-02-14 10:56:11.430root 11241100x80000000000000002049854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:11.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f08b99d1fd54513f2022-02-14 10:56:11.430root 11241100x80000000000000002049855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:11.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20d4c45e2251f5e22022-02-14 10:56:11.430root 11241100x80000000000000002049856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:11.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.531656acc181a5cc2022-02-14 10:56:11.430root 11241100x80000000000000002049857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:11.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89908c0b4f3f62e82022-02-14 10:56:11.430root 11241100x80000000000000002049858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:11.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca2732e8127dc3312022-02-14 10:56:11.430root 11241100x80000000000000002049859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:11.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.576d2a288754d5d92022-02-14 10:56:11.431root 11241100x80000000000000002049860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:11.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac7f5c08635e9ae12022-02-14 10:56:11.431root 11241100x80000000000000002049861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:11.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c809290f82c14eb72022-02-14 10:56:11.431root 11241100x80000000000000002049862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:11.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c23f7f6987f18cc2022-02-14 10:56:11.432root 11241100x80000000000000002049863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:11.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7f379c8b63bc6ac2022-02-14 10:56:11.432root 11241100x80000000000000002049864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:11.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0026a8597f67a5ed2022-02-14 10:56:11.432root 11241100x80000000000000002049865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:11.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1e71c48c99d43a12022-02-14 10:56:11.432root 11241100x80000000000000002049866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:11.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e162a10fd362aebc2022-02-14 10:56:11.432root 11241100x80000000000000002049867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:11.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.353b04bbe9336a552022-02-14 10:56:11.432root 11241100x80000000000000002049868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:11.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bf9169096526d652022-02-14 10:56:11.433root 11241100x80000000000000002049869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:11.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.257a787d84afcde22022-02-14 10:56:11.433root 11241100x80000000000000002049870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:11.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df148a58877233f62022-02-14 10:56:11.433root 11241100x80000000000000002049871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:11.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.825925fff2f5fc2d2022-02-14 10:56:11.433root 11241100x80000000000000002049872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:11.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a246de1746b975f92022-02-14 10:56:11.930root 11241100x80000000000000002049873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:11.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33ae06b4a9afc4642022-02-14 10:56:11.930root 11241100x80000000000000002049874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:11.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43b63ae1b50a36122022-02-14 10:56:11.931root 11241100x80000000000000002049875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:11.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fe9d8c3320384772022-02-14 10:56:11.932root 11241100x80000000000000002049876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:11.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c14e9d393ea6da752022-02-14 10:56:11.932root 11241100x80000000000000002049877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:11.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e36bb532cd0001b2022-02-14 10:56:11.932root 11241100x80000000000000002049878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:11.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19706576c7592e7d2022-02-14 10:56:11.933root 11241100x80000000000000002049879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:11.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e9df61ef9bf9a652022-02-14 10:56:11.933root 11241100x80000000000000002049880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:11.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98fc8687f6dd73f82022-02-14 10:56:11.933root 11241100x80000000000000002049881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:11.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ffe3848ec1b314d2022-02-14 10:56:11.934root 11241100x80000000000000002049882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:11.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24ceaca114b06c042022-02-14 10:56:11.936root 11241100x80000000000000002049883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:11.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3857f3bcf4391442022-02-14 10:56:11.936root 11241100x80000000000000002049884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:11.937{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cb082c6621428122022-02-14 10:56:11.937root 11241100x80000000000000002049885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:11.938{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f525a66230815762022-02-14 10:56:11.938root 11241100x80000000000000002049886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:11.938{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd0d894e0d3195442022-02-14 10:56:11.938root 11241100x80000000000000002049887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:11.938{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3750778529ecbb152022-02-14 10:56:11.938root 11241100x80000000000000002049888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:11.939{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4df4d766576b7f592022-02-14 10:56:11.939root 11241100x80000000000000002049889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:11.939{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c0c290716fa8ff22022-02-14 10:56:11.939root 11241100x80000000000000002049890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:11.939{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.056bd651d07a47782022-02-14 10:56:11.939root 11241100x80000000000000002049891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:11.940{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffa0499971aaaa2b2022-02-14 10:56:11.940root 354300x80000000000000002049892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:12.065{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54676-false10.0.1.12-8000- 11241100x80000000000000002049893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:12.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ead58ca6a43ac0b2022-02-14 10:56:12.430root 11241100x80000000000000002049894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:12.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7302fe66ff3bdb712022-02-14 10:56:12.431root 11241100x80000000000000002049895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:12.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4fd809015c912832022-02-14 10:56:12.431root 11241100x80000000000000002049896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:12.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea1d2e1f6787855d2022-02-14 10:56:12.431root 11241100x80000000000000002049897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:12.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ce122cb8fb2e0ae2022-02-14 10:56:12.432root 11241100x80000000000000002049898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:12.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c0cade5d207d0552022-02-14 10:56:12.432root 11241100x80000000000000002049899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:12.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2046ce2fd234783a2022-02-14 10:56:12.433root 11241100x80000000000000002049900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:12.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14e1d107414579322022-02-14 10:56:12.433root 11241100x80000000000000002049901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:12.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c61068da3920df42022-02-14 10:56:12.433root 11241100x80000000000000002049902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:12.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5f9fc6038cde6a12022-02-14 10:56:12.433root 11241100x80000000000000002049903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:12.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea2efb38c0dbd9d22022-02-14 10:56:12.434root 11241100x80000000000000002049904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:12.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8772607672cb8ad2022-02-14 10:56:12.435root 11241100x80000000000000002049905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:12.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d7484b28ee80b072022-02-14 10:56:12.435root 11241100x80000000000000002049906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:12.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a0d8d9396bba4342022-02-14 10:56:12.435root 11241100x80000000000000002049907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:12.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c0aa71d9a5bf0082022-02-14 10:56:12.436root 11241100x80000000000000002049908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:12.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f0bc3d3c28221ea2022-02-14 10:56:12.436root 11241100x80000000000000002049909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:12.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a202d7412477f6f22022-02-14 10:56:12.436root 11241100x80000000000000002049910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:12.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.035ced46c30e0a062022-02-14 10:56:12.436root 11241100x80000000000000002049911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:12.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b84d76f4e389c3332022-02-14 10:56:12.436root 11241100x80000000000000002049912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:12.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64b221bb31d4e6912022-02-14 10:56:12.437root 11241100x80000000000000002049913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:12.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f61c8266491197942022-02-14 10:56:12.437root 11241100x80000000000000002049914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:12.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.015d5caa9ffb55082022-02-14 10:56:12.932root 11241100x80000000000000002049915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:12.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa348e4d2d3702232022-02-14 10:56:12.933root 11241100x80000000000000002049916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:12.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c19ce9888b2bab02022-02-14 10:56:12.933root 11241100x80000000000000002049917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:12.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9be64996c47c107e2022-02-14 10:56:12.933root 11241100x80000000000000002049918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:12.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a49bebb28265e2eb2022-02-14 10:56:12.933root 11241100x80000000000000002049919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:12.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f6738abce67e2e82022-02-14 10:56:12.933root 11241100x80000000000000002049920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:12.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b58a5704c21cae8d2022-02-14 10:56:12.933root 11241100x80000000000000002049921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:12.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f696c9919b9414582022-02-14 10:56:12.934root 11241100x80000000000000002049922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:12.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bc6a50f255cdf5a2022-02-14 10:56:12.934root 11241100x80000000000000002049923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:12.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4d6443117c27d4a2022-02-14 10:56:12.934root 11241100x80000000000000002049924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:12.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f992255e9ca7fb9d2022-02-14 10:56:12.935root 11241100x80000000000000002049925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:12.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aac0009cf5a28a272022-02-14 10:56:12.935root 11241100x80000000000000002049926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:12.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e32455a48434e5982022-02-14 10:56:12.935root 11241100x80000000000000002049927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:12.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35cbb04844ffdd852022-02-14 10:56:12.935root 11241100x80000000000000002049928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:12.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d16e879f2f3474192022-02-14 10:56:12.936root 11241100x80000000000000002049929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:12.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ab2a2851a7180e22022-02-14 10:56:12.936root 11241100x80000000000000002049930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:12.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47f2a4caeb17e3b52022-02-14 10:56:12.936root 11241100x80000000000000002049931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:12.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85d7b4b61f4140db2022-02-14 10:56:12.936root 11241100x80000000000000002049932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:12.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a6f0c9c15cb6b3a2022-02-14 10:56:12.936root 11241100x80000000000000002049933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:12.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.718510221d77aa3c2022-02-14 10:56:12.936root 11241100x80000000000000002049934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:12.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfbf1ac05f0458172022-02-14 10:56:12.936root 23542300x80000000000000002049935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:13.016{ec2ab09f-1002-620a-3078-922c7d550000}1328root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x80000000000000002049936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:13.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.638a33bbdf24cfaa2022-02-14 10:56:13.430root 11241100x80000000000000002049937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:13.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf58872780bf2ad22022-02-14 10:56:13.430root 11241100x80000000000000002049938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:13.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.618d94b82b46f2922022-02-14 10:56:13.431root 11241100x80000000000000002049939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:13.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7bcd3cd0a67ce9c2022-02-14 10:56:13.431root 11241100x80000000000000002049940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:13.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ce925f7b8655ff62022-02-14 10:56:13.431root 11241100x80000000000000002049941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:13.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa5eee3c395d3bb02022-02-14 10:56:13.432root 11241100x80000000000000002049942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:13.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5521f49c8d1635e12022-02-14 10:56:13.432root 11241100x80000000000000002049943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:13.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfc76ad5c6f569d72022-02-14 10:56:13.432root 11241100x80000000000000002049944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:13.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b4bdb78edf6f44d2022-02-14 10:56:13.432root 11241100x80000000000000002049945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:13.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2f04b8d073b08102022-02-14 10:56:13.433root 11241100x80000000000000002049946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:13.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd9a4056a05c20362022-02-14 10:56:13.433root 11241100x80000000000000002049947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:13.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f2e4d1e0009d0d42022-02-14 10:56:13.433root 11241100x80000000000000002049948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:13.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59f18af1f327cc802022-02-14 10:56:13.433root 11241100x80000000000000002049949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:13.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dcac928e451977f2022-02-14 10:56:13.434root 11241100x80000000000000002049950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:13.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cdd72516fe97a2a2022-02-14 10:56:13.434root 11241100x80000000000000002049951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:13.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e87d17201ab706d2022-02-14 10:56:13.434root 11241100x80000000000000002049952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:13.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf6cc96299604e6f2022-02-14 10:56:13.434root 11241100x80000000000000002049953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:13.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dc6ad6d2c65d3422022-02-14 10:56:13.434root 11241100x80000000000000002049954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:13.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c8c7a70a2aaafbc2022-02-14 10:56:13.434root 11241100x80000000000000002049955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:13.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fda681f345fee3a52022-02-14 10:56:13.434root 11241100x80000000000000002049956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:13.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee95bcda94ae87402022-02-14 10:56:13.434root 11241100x80000000000000002049957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:13.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb92dbf2642517272022-02-14 10:56:13.434root 11241100x80000000000000002049958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:13.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57bb40edf541599e2022-02-14 10:56:13.930root 11241100x80000000000000002049959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:13.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c75359c2e1ea7922022-02-14 10:56:13.930root 11241100x80000000000000002049960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:13.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85e71043ab756ade2022-02-14 10:56:13.931root 11241100x80000000000000002049961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:13.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4589f5fa9492bbbc2022-02-14 10:56:13.931root 11241100x80000000000000002049962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:13.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b321bc7fff6ed41b2022-02-14 10:56:13.931root 11241100x80000000000000002049963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:13.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bc88247d118454c2022-02-14 10:56:13.931root 11241100x80000000000000002049964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:13.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.336be1df673ef9fe2022-02-14 10:56:13.931root 11241100x80000000000000002049965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:13.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dc7e23de010f8fe2022-02-14 10:56:13.931root 11241100x80000000000000002049966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:13.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd96887ddf1c84432022-02-14 10:56:13.932root 11241100x80000000000000002049967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:13.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc9ce17dd30817772022-02-14 10:56:13.932root 11241100x80000000000000002049968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:13.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bedaa827c0f6ec22022-02-14 10:56:13.932root 11241100x80000000000000002049969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:13.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6c22eaabb9452cc2022-02-14 10:56:13.932root 11241100x80000000000000002049970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:13.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c92ba89ab2e44d722022-02-14 10:56:13.932root 11241100x80000000000000002049971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:13.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c6e1cce4aea4d1b2022-02-14 10:56:13.932root 11241100x80000000000000002049972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:13.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.758eb7c48e9916c72022-02-14 10:56:13.932root 11241100x80000000000000002049973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:13.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4a5beb51d7269422022-02-14 10:56:13.932root 11241100x80000000000000002049974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:13.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94b359a687a5e5792022-02-14 10:56:13.932root 11241100x80000000000000002049975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:13.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d197f52785662f52022-02-14 10:56:13.932root 11241100x80000000000000002049976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:13.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c23dfdc1cbad76732022-02-14 10:56:13.932root 11241100x80000000000000002049977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:13.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9754d0c700565032022-02-14 10:56:13.933root 11241100x80000000000000002049978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:13.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.522ee042ba02fc132022-02-14 10:56:13.933root 11241100x80000000000000002049979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:13.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6999282466b9a5c22022-02-14 10:56:13.933root 11241100x80000000000000002049980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:13.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b1fb986a9b4bc072022-02-14 10:56:13.934root 11241100x80000000000000002049981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:13.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f7ea4932825b34e2022-02-14 10:56:13.934root 11241100x80000000000000002049982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:13.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0560cb8acf6df432022-02-14 10:56:13.934root 11241100x80000000000000002049983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:14.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07c25b7caf4170dc2022-02-14 10:56:14.430root 11241100x80000000000000002049984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:14.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1216041387b45602022-02-14 10:56:14.430root 11241100x80000000000000002049985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:14.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b12c116f50820392022-02-14 10:56:14.431root 11241100x80000000000000002049986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:14.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa7d01a54858fc082022-02-14 10:56:14.431root 11241100x80000000000000002049987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:14.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86cb192f47c798c12022-02-14 10:56:14.431root 11241100x80000000000000002049988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:14.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50409d260dd2f4732022-02-14 10:56:14.431root 11241100x80000000000000002049989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:14.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cee0fe9c906fb9472022-02-14 10:56:14.431root 11241100x80000000000000002049990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:14.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac67e51d644757f32022-02-14 10:56:14.431root 11241100x80000000000000002049991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:14.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6d88ac74187149f2022-02-14 10:56:14.431root 11241100x80000000000000002049992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:14.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59eb0d399db1333e2022-02-14 10:56:14.431root 11241100x80000000000000002049993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:14.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09f838018137037b2022-02-14 10:56:14.431root 11241100x80000000000000002049994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:14.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3eca2134f0a6c9c2022-02-14 10:56:14.431root 11241100x80000000000000002049995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:14.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.694b8fda31a009992022-02-14 10:56:14.431root 11241100x80000000000000002049996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:14.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e97b120137e54062022-02-14 10:56:14.431root 11241100x80000000000000002049997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:14.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4a3eaead1053a762022-02-14 10:56:14.431root 11241100x80000000000000002049998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:14.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.745b669f8d15d25f2022-02-14 10:56:14.431root 11241100x80000000000000002049999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:14.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47ee9a37c3d120422022-02-14 10:56:14.431root 11241100x80000000000000002050000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:14.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ef0d28eed8e49e52022-02-14 10:56:14.432root 11241100x80000000000000002050001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:14.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b140d7e4f533d832022-02-14 10:56:14.432root 11241100x80000000000000002050002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:14.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8236b38ab6c4f4952022-02-14 10:56:14.432root 11241100x80000000000000002050003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:14.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.361c0c50017f90732022-02-14 10:56:14.432root 11241100x80000000000000002050004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:14.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.744f8f0f946aba202022-02-14 10:56:14.432root 11241100x80000000000000002050005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:14.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a74eb541f149f25f2022-02-14 10:56:14.930root 11241100x80000000000000002050006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:14.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.509176b00890e6852022-02-14 10:56:14.931root 11241100x80000000000000002050007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:14.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b18ff762ee207232022-02-14 10:56:14.931root 11241100x80000000000000002050008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:14.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fac242326916352b2022-02-14 10:56:14.931root 11241100x80000000000000002050009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:14.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6723088144520a7a2022-02-14 10:56:14.931root 11241100x80000000000000002050010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:14.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.498b30e03fce9c532022-02-14 10:56:14.932root 11241100x80000000000000002050011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:14.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ec2ecae2f75c4ff2022-02-14 10:56:14.932root 11241100x80000000000000002050012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:14.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.356a846e877e34c52022-02-14 10:56:14.932root 11241100x80000000000000002050013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:14.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c1dde0d3e30fef12022-02-14 10:56:14.932root 11241100x80000000000000002050014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:14.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21a1a3f0505d172d2022-02-14 10:56:14.933root 11241100x80000000000000002050015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:14.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b68137001a60ae822022-02-14 10:56:14.933root 11241100x80000000000000002050016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:14.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41169d235a0e8d502022-02-14 10:56:14.933root 11241100x80000000000000002050017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:14.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98ca6cd250f431da2022-02-14 10:56:14.933root 11241100x80000000000000002050018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:14.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c99341df87f4c2d02022-02-14 10:56:14.933root 11241100x80000000000000002050019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:14.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.058ed67c3a5481f92022-02-14 10:56:14.933root 11241100x80000000000000002050020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:14.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95f895248678598a2022-02-14 10:56:14.934root 11241100x80000000000000002050021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:14.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b461f0f826eeea382022-02-14 10:56:14.934root 11241100x80000000000000002050022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:14.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3df1950729a2a122022-02-14 10:56:14.934root 11241100x80000000000000002050023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:14.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94e215cc57c8d8aa2022-02-14 10:56:14.934root 11241100x80000000000000002050024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:14.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afdc9357311781032022-02-14 10:56:14.934root 11241100x80000000000000002050025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:14.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3319f08300fef562022-02-14 10:56:14.934root 11241100x80000000000000002050026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:14.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95a2b6eb7ac2b1932022-02-14 10:56:14.935root 11241100x80000000000000002050027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:15.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cfa45f8a37744a02022-02-14 10:56:15.430root 11241100x80000000000000002050028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:15.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b5cde3717e7cd152022-02-14 10:56:15.430root 11241100x80000000000000002050029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:15.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33b589239d51d64a2022-02-14 10:56:15.431root 11241100x80000000000000002050030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:15.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.591cf1c732f53f602022-02-14 10:56:15.431root 11241100x80000000000000002050031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:15.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.979d99e4dfc55d842022-02-14 10:56:15.431root 11241100x80000000000000002050032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:15.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9763331575ac0742022-02-14 10:56:15.431root 11241100x80000000000000002050033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:15.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f8792a6163d06572022-02-14 10:56:15.431root 11241100x80000000000000002050034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:15.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6726f176a1e6a5e12022-02-14 10:56:15.432root 11241100x80000000000000002050035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:15.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.495be53b473b38932022-02-14 10:56:15.432root 11241100x80000000000000002050036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:15.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b6f3f2ab28dfbd32022-02-14 10:56:15.432root 11241100x80000000000000002050037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:15.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bed2dd29fe85f07b2022-02-14 10:56:15.432root 11241100x80000000000000002050038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:15.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.694cb08c5bd5057a2022-02-14 10:56:15.432root 11241100x80000000000000002050039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:15.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f84a1f553a54f5262022-02-14 10:56:15.432root 11241100x80000000000000002050040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:15.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31f8b6aa343f73fe2022-02-14 10:56:15.432root 11241100x80000000000000002050041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:15.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.110593aad34d31992022-02-14 10:56:15.432root 11241100x80000000000000002050042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:15.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03e343bc639409492022-02-14 10:56:15.432root 11241100x80000000000000002050043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:15.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b46367fec3aa7d82022-02-14 10:56:15.432root 11241100x80000000000000002050044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:15.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e079a5406f013142022-02-14 10:56:15.433root 11241100x80000000000000002050045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:15.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00b8ea2a645c50a22022-02-14 10:56:15.433root 11241100x80000000000000002050046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:15.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32658501bac338382022-02-14 10:56:15.433root 11241100x80000000000000002050047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:15.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6adf6a7e3d8d962a2022-02-14 10:56:15.435root 11241100x80000000000000002050048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:15.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.207db55d8870c1f72022-02-14 10:56:15.435root 11241100x80000000000000002050049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:15.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.623ff8408673470b2022-02-14 10:56:15.435root 11241100x80000000000000002050050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:15.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5543054c01c82832022-02-14 10:56:15.930root 11241100x80000000000000002050051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:15.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f371d905c21dcc552022-02-14 10:56:15.930root 11241100x80000000000000002050052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:15.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96724e69577b0c252022-02-14 10:56:15.931root 11241100x80000000000000002050053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:15.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd582977bfa98fe52022-02-14 10:56:15.931root 11241100x80000000000000002050054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:15.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf9f61f60eeb040b2022-02-14 10:56:15.932root 11241100x80000000000000002050055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:15.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c27552eeb2efd0a2022-02-14 10:56:15.932root 11241100x80000000000000002050056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:15.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4ad6b3749b627e82022-02-14 10:56:15.933root 11241100x80000000000000002050057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:15.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2328b0090d1f4bff2022-02-14 10:56:15.933root 11241100x80000000000000002050058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:15.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1005be20a954f83a2022-02-14 10:56:15.934root 11241100x80000000000000002050059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:15.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1f901cedeab3d052022-02-14 10:56:15.934root 11241100x80000000000000002050060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:15.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b19dc6338ac0b5e2022-02-14 10:56:15.934root 11241100x80000000000000002050061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:15.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1adbc4dd75263492022-02-14 10:56:15.934root 11241100x80000000000000002050062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:15.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6e6f926e7f1b7742022-02-14 10:56:15.934root 11241100x80000000000000002050063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:15.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dd9ca88d2403cb02022-02-14 10:56:15.934root 11241100x80000000000000002050064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:15.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c879a9b7d7f150b82022-02-14 10:56:15.934root 11241100x80000000000000002050065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:15.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d60fce2d5f9f97112022-02-14 10:56:15.934root 11241100x80000000000000002050066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:15.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d67f2c4d96929d322022-02-14 10:56:15.934root 11241100x80000000000000002050067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:15.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bcf4b9d6c5c8e552022-02-14 10:56:15.934root 11241100x80000000000000002050068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:15.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.591a5f2339ef4ce32022-02-14 10:56:15.934root 11241100x80000000000000002050069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:15.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b2235ea1a71735c2022-02-14 10:56:15.934root 11241100x80000000000000002050070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:15.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6fa611c9a9600e72022-02-14 10:56:15.934root 11241100x80000000000000002050071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:15.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74f0d97693ec294e2022-02-14 10:56:15.934root 11241100x80000000000000002050072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:16.429{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.959e5161977a06b82022-02-14 10:56:16.429root 11241100x80000000000000002050073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:16.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b4c48d35d30f19c2022-02-14 10:56:16.430root 11241100x80000000000000002050074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:16.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.475ddc957f5b2cc42022-02-14 10:56:16.430root 11241100x80000000000000002050075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:16.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53d515c02eb971fa2022-02-14 10:56:16.430root 11241100x80000000000000002050076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:16.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1d2972d7d1c00e52022-02-14 10:56:16.430root 11241100x80000000000000002050077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:16.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bd132a34d5c1c102022-02-14 10:56:16.431root 11241100x80000000000000002050078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:16.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa8246e9265c31b02022-02-14 10:56:16.431root 11241100x80000000000000002050079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:16.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89ed302424ec75402022-02-14 10:56:16.431root 11241100x80000000000000002050080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:16.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b034bfd2b2cc2732022-02-14 10:56:16.431root 11241100x80000000000000002050081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:16.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e750c7efb26538e72022-02-14 10:56:16.431root 11241100x80000000000000002050082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:16.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72cd230b2dd706c12022-02-14 10:56:16.432root 11241100x80000000000000002050083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:16.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.440909f24ce10bf32022-02-14 10:56:16.432root 11241100x80000000000000002050084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:16.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b467e86f4816b57a2022-02-14 10:56:16.432root 11241100x80000000000000002050085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:16.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b17b75870fc2b9f12022-02-14 10:56:16.432root 11241100x80000000000000002050086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:16.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42c79506fb35a8af2022-02-14 10:56:16.432root 11241100x80000000000000002050087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:16.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f07165b96747f9b12022-02-14 10:56:16.432root 11241100x80000000000000002050088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:16.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eabc990be0c8f3cf2022-02-14 10:56:16.432root 11241100x80000000000000002050089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:16.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e2a3cb9351257692022-02-14 10:56:16.432root 11241100x80000000000000002050090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:16.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e9622d63d4457872022-02-14 10:56:16.432root 11241100x80000000000000002050091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:16.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.719ef5e83095b5fe2022-02-14 10:56:16.433root 11241100x80000000000000002050092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:16.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cac575188ff8a802022-02-14 10:56:16.433root 11241100x80000000000000002050093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:16.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f4b63aa334feb922022-02-14 10:56:16.433root 11241100x80000000000000002050094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:16.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79aaca3f8b8a870b2022-02-14 10:56:16.433root 11241100x80000000000000002050095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:16.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be22ce38f03dbf6f2022-02-14 10:56:16.433root 11241100x80000000000000002050096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:16.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94d0b0a31690750e2022-02-14 10:56:16.433root 11241100x80000000000000002050097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:16.929{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f16832be622357c82022-02-14 10:56:16.929root 11241100x80000000000000002050098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:16.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a407cc5e70b40782022-02-14 10:56:16.930root 11241100x80000000000000002050099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:16.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18b3359dbcea59152022-02-14 10:56:16.930root 11241100x80000000000000002050100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:16.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98509b124783653f2022-02-14 10:56:16.930root 11241100x80000000000000002050101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:16.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3c07293193a11722022-02-14 10:56:16.930root 11241100x80000000000000002050102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:16.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a9de187916ca9e92022-02-14 10:56:16.930root 11241100x80000000000000002050103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:16.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e8d7b2d8186dfa92022-02-14 10:56:16.931root 11241100x80000000000000002050104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:16.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40a5daa9067764922022-02-14 10:56:16.931root 11241100x80000000000000002050105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:16.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f545b412ce1c91ce2022-02-14 10:56:16.931root 11241100x80000000000000002050106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:16.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43fb0c1aa6a45f542022-02-14 10:56:16.931root 11241100x80000000000000002050107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:16.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bdbd3f76f89975e2022-02-14 10:56:16.931root 11241100x80000000000000002050108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:16.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4588062a3ba63e9d2022-02-14 10:56:16.931root 11241100x80000000000000002050109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:16.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e348f829e2d238f2022-02-14 10:56:16.931root 11241100x80000000000000002050110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:16.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30b48ef8b25388682022-02-14 10:56:16.932root 11241100x80000000000000002050111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:16.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d94357d3279523472022-02-14 10:56:16.932root 11241100x80000000000000002050112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:16.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9036eaeaadf6ef5d2022-02-14 10:56:16.932root 11241100x80000000000000002050113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:16.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d6a0270618c32482022-02-14 10:56:16.933root 11241100x80000000000000002050114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:16.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39b798ce0385bfa62022-02-14 10:56:16.933root 11241100x80000000000000002050115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:16.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88aa1f90fc9536ad2022-02-14 10:56:16.933root 11241100x80000000000000002050116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:16.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f795ca5e4b9e75122022-02-14 10:56:16.933root 11241100x80000000000000002050117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:16.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9aee8dbd772dddc2022-02-14 10:56:16.933root 11241100x80000000000000002050118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:16.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64c6cd34962466de2022-02-14 10:56:16.933root 11241100x80000000000000002050119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:16.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b439dd99fe5eb4812022-02-14 10:56:16.933root 11241100x80000000000000002050120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:16.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0185b0ae3969e68c2022-02-14 10:56:16.934root 11241100x80000000000000002050121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:17.429{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2508ae8bbcee081d2022-02-14 10:56:17.429root 11241100x80000000000000002050122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:17.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9d917ce8f6291d72022-02-14 10:56:17.430root 11241100x80000000000000002050123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:17.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d79b93d3a64e64942022-02-14 10:56:17.430root 11241100x80000000000000002050124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:17.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51613e0343fdb9bb2022-02-14 10:56:17.430root 11241100x80000000000000002050125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:17.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00f6f61ac1242da02022-02-14 10:56:17.430root 11241100x80000000000000002050126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:17.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.955897265e316e922022-02-14 10:56:17.430root 11241100x80000000000000002050127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:17.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57d13fdef801e4d72022-02-14 10:56:17.431root 11241100x80000000000000002050128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:17.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c8db95b1f55017c2022-02-14 10:56:17.431root 11241100x80000000000000002050129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:17.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3ce5fb74a1a1a082022-02-14 10:56:17.431root 11241100x80000000000000002050130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:17.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2896f343cb5167732022-02-14 10:56:17.431root 11241100x80000000000000002050131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:17.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba77de82fb70ab7a2022-02-14 10:56:17.431root 11241100x80000000000000002050132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:17.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0a4a4afc384425b2022-02-14 10:56:17.431root 11241100x80000000000000002050133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:17.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.588fdb01c72d2e8b2022-02-14 10:56:17.431root 11241100x80000000000000002050134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:17.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38934063fb1d86412022-02-14 10:56:17.431root 11241100x80000000000000002050135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:17.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8c10cbff8ec2f9a2022-02-14 10:56:17.431root 11241100x80000000000000002050136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:17.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f637d708b7cd7c22022-02-14 10:56:17.431root 11241100x80000000000000002050137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:17.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6538d408ef287eaa2022-02-14 10:56:17.431root 11241100x80000000000000002050138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:17.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.438175033e88e9fa2022-02-14 10:56:17.432root 11241100x80000000000000002050139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:17.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cecb71ef65a405a82022-02-14 10:56:17.432root 11241100x80000000000000002050140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:17.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e90e22d85a3d43592022-02-14 10:56:17.432root 11241100x80000000000000002050141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:17.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0982434af1dab15d2022-02-14 10:56:17.432root 11241100x80000000000000002050142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:17.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81b2b681e2ea14232022-02-14 10:56:17.432root 11241100x80000000000000002050143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:17.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a7747b86468bd6d2022-02-14 10:56:17.432root 11241100x80000000000000002050144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:17.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8cbaac3ee077c2b2022-02-14 10:56:17.432root 11241100x80000000000000002050145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:17.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf790c9a990fae512022-02-14 10:56:17.432root 11241100x80000000000000002050146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:17.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d5f8666bdf082ac2022-02-14 10:56:17.432root 11241100x80000000000000002050147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:17.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6e8ef81a91273222022-02-14 10:56:17.930root 11241100x80000000000000002050148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:17.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6cb86d53e6cb3dd2022-02-14 10:56:17.930root 11241100x80000000000000002050149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:17.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b00c39f64e380ac52022-02-14 10:56:17.931root 11241100x80000000000000002050150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:17.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41a5431500bf5c322022-02-14 10:56:17.931root 11241100x80000000000000002050151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:17.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.075e24e29d5539f52022-02-14 10:56:17.931root 11241100x80000000000000002050152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:17.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b04ee8b8a9ffa8d2022-02-14 10:56:17.931root 11241100x80000000000000002050153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:17.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b57cd76791d196712022-02-14 10:56:17.931root 11241100x80000000000000002050154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:17.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fa222858b9200dc2022-02-14 10:56:17.931root 11241100x80000000000000002050155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:17.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9e6f5ecc02f37472022-02-14 10:56:17.931root 11241100x80000000000000002050156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:17.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73c93cb02209657d2022-02-14 10:56:17.931root 11241100x80000000000000002050157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:17.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2737690856ba87602022-02-14 10:56:17.931root 11241100x80000000000000002050158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:17.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f19d034c1f07bf632022-02-14 10:56:17.931root 11241100x80000000000000002050159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:17.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65ef049669af9b682022-02-14 10:56:17.931root 11241100x80000000000000002050160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:17.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08b0d2623dea31d02022-02-14 10:56:17.931root 11241100x80000000000000002050161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:17.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.992a837579bd99a32022-02-14 10:56:17.931root 11241100x80000000000000002050162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:17.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57894aec1a21f0de2022-02-14 10:56:17.931root 11241100x80000000000000002050163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:17.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.509b18d5fae581932022-02-14 10:56:17.932root 11241100x80000000000000002050164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:17.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9f5c196d9b4e6622022-02-14 10:56:17.932root 11241100x80000000000000002050165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:17.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca21537d12f069f82022-02-14 10:56:17.932root 11241100x80000000000000002050166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:17.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c659edd73282c8d2022-02-14 10:56:17.932root 11241100x80000000000000002050167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:17.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de8ceaa31c50ea1a2022-02-14 10:56:17.932root 11241100x80000000000000002050168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:17.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29fcc69c9f2dcd932022-02-14 10:56:17.932root 354300x80000000000000002050169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:18.017{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54678-false10.0.1.12-8000- 11241100x80000000000000002050170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:18.429{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1fb0cfd56b325432022-02-14 10:56:18.429root 11241100x80000000000000002050171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:18.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d53b6f9581ab790f2022-02-14 10:56:18.430root 11241100x80000000000000002050172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:18.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.229f1043492924612022-02-14 10:56:18.430root 11241100x80000000000000002050173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:18.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8373238aead13f52022-02-14 10:56:18.430root 11241100x80000000000000002050174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:18.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdc7bd76c024678a2022-02-14 10:56:18.430root 11241100x80000000000000002050175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:18.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfb028bb4d3f10942022-02-14 10:56:18.430root 11241100x80000000000000002050176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:18.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb074f463cad8aab2022-02-14 10:56:18.430root 11241100x80000000000000002050177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:18.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abc61565a7df58d92022-02-14 10:56:18.430root 11241100x80000000000000002050178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:18.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce56eec6810c3fe42022-02-14 10:56:18.430root 11241100x80000000000000002050179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:18.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e958274aeb6ee9c62022-02-14 10:56:18.430root 11241100x80000000000000002050180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:18.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8fb3e9e8da3aa302022-02-14 10:56:18.430root 11241100x80000000000000002050181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:18.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f0c79e214e89dae2022-02-14 10:56:18.430root 11241100x80000000000000002050182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:18.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.532b5cd722a6b6cb2022-02-14 10:56:18.431root 11241100x80000000000000002050183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:18.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aebbeaaec25401c52022-02-14 10:56:18.431root 11241100x80000000000000002050184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:18.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5daba125e445c47b2022-02-14 10:56:18.431root 11241100x80000000000000002050185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:18.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6313ff4350878e42022-02-14 10:56:18.431root 11241100x80000000000000002050186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:18.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f2420407196f40d2022-02-14 10:56:18.431root 11241100x80000000000000002050187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:18.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a1d7a1cf07d811b2022-02-14 10:56:18.431root 11241100x80000000000000002050188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:18.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3e3160a8b7169ef2022-02-14 10:56:18.432root 11241100x80000000000000002050189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:18.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd1b9e88e87da4a12022-02-14 10:56:18.432root 11241100x80000000000000002050190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:18.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96970138ae99f14d2022-02-14 10:56:18.432root 11241100x80000000000000002050191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:18.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24e9c91c53d767b72022-02-14 10:56:18.432root 11241100x80000000000000002050192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:18.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b204af784bb84d882022-02-14 10:56:18.432root 11241100x80000000000000002050193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:18.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51881440b498790a2022-02-14 10:56:18.930root 11241100x80000000000000002050194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:18.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16222284c3b71af32022-02-14 10:56:18.931root 11241100x80000000000000002050195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:18.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0be69912bf190792022-02-14 10:56:18.931root 11241100x80000000000000002050196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:18.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcce33334d8164e02022-02-14 10:56:18.931root 11241100x80000000000000002050197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:18.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ea8ff0effd10fc42022-02-14 10:56:18.931root 11241100x80000000000000002050198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:18.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe397570ceb54ceb2022-02-14 10:56:18.931root 11241100x80000000000000002050199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:18.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c8ddbea42625eeb2022-02-14 10:56:18.931root 11241100x80000000000000002050200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:18.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36f62a62978843ae2022-02-14 10:56:18.931root 11241100x80000000000000002050201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:18.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fbb82622c2b7d5b2022-02-14 10:56:18.931root 11241100x80000000000000002050202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:18.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa53e76aed2ed7472022-02-14 10:56:18.931root 11241100x80000000000000002050203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:18.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fed715202914e7b2022-02-14 10:56:18.932root 11241100x80000000000000002050204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:18.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e3852d05608ab4f2022-02-14 10:56:18.932root 11241100x80000000000000002050205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:18.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c1008be62cd81722022-02-14 10:56:18.932root 11241100x80000000000000002050206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:18.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faaa236aa5d451b22022-02-14 10:56:18.932root 11241100x80000000000000002050207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:18.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88046c97896030102022-02-14 10:56:18.932root 11241100x80000000000000002050208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:18.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.450fdf65a12076052022-02-14 10:56:18.932root 11241100x80000000000000002050209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:18.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb198f1b5b8ceeec2022-02-14 10:56:18.932root 11241100x80000000000000002050210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:18.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.861a9fcbaac9ffe22022-02-14 10:56:18.932root 11241100x80000000000000002050211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:18.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75e364a9cd25fb772022-02-14 10:56:18.932root 11241100x80000000000000002050212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:18.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08d404d5de35bac12022-02-14 10:56:18.932root 11241100x80000000000000002050213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:18.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4358aeeb9fe256c92022-02-14 10:56:18.932root 11241100x80000000000000002050214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:18.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb7f52c4d1337b802022-02-14 10:56:18.932root 11241100x80000000000000002050215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:18.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45e88ae81dfd25fe2022-02-14 10:56:18.932root 11241100x80000000000000002050216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:19.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6790853119743e0e2022-02-14 10:56:19.430root 11241100x80000000000000002050217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:19.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.068e32bd286ba1712022-02-14 10:56:19.430root 11241100x80000000000000002050218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:19.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40336e207f615fd92022-02-14 10:56:19.430root 11241100x80000000000000002050219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:19.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a49174d418d66d22022-02-14 10:56:19.430root 11241100x80000000000000002050220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:19.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e4be6d4513bc39a2022-02-14 10:56:19.430root 11241100x80000000000000002050221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:19.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a758977c2cade5492022-02-14 10:56:19.430root 11241100x80000000000000002050222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:19.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cd3125eeb6a50662022-02-14 10:56:19.430root 11241100x80000000000000002050223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:19.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86b67e83ce575cd12022-02-14 10:56:19.430root 11241100x80000000000000002050224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:19.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80ba33ee2fc4b4622022-02-14 10:56:19.430root 11241100x80000000000000002050225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:19.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a59c55455a60a3052022-02-14 10:56:19.431root 11241100x80000000000000002050226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:19.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e52a554624efb2ee2022-02-14 10:56:19.431root 11241100x80000000000000002050227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:19.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef47ad47accf50c12022-02-14 10:56:19.431root 11241100x80000000000000002050228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:19.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e873f8f778b454c52022-02-14 10:56:19.431root 11241100x80000000000000002050229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:19.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec0b9760ef38b2412022-02-14 10:56:19.431root 11241100x80000000000000002050230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:19.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd65db0f1f8c38e62022-02-14 10:56:19.431root 11241100x80000000000000002050231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:19.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c92671dab029c3b2022-02-14 10:56:19.431root 11241100x80000000000000002050232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:19.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed4583005a108deb2022-02-14 10:56:19.431root 11241100x80000000000000002050233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:19.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bc08816bc41b5ce2022-02-14 10:56:19.431root 11241100x80000000000000002050234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:19.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0c35d508ba1470d2022-02-14 10:56:19.431root 11241100x80000000000000002050235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:19.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77ff1921447499fd2022-02-14 10:56:19.431root 11241100x80000000000000002050236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:19.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db5170215deccbbb2022-02-14 10:56:19.431root 11241100x80000000000000002050237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:19.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a33308b0562f33872022-02-14 10:56:19.432root 11241100x80000000000000002050238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:19.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.344f4e9888dc05982022-02-14 10:56:19.432root 11241100x80000000000000002050239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:19.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64d6ac743b13a9352022-02-14 10:56:19.930root 11241100x80000000000000002050240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:19.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33d449a013e977272022-02-14 10:56:19.930root 11241100x80000000000000002050241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:19.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d18c38cea928c1c2022-02-14 10:56:19.930root 11241100x80000000000000002050242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:19.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8595451f74d21caa2022-02-14 10:56:19.930root 11241100x80000000000000002050243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:19.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d36e907ee5fadaf72022-02-14 10:56:19.931root 11241100x80000000000000002050244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:19.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.674b6bbee6dddaa72022-02-14 10:56:19.931root 11241100x80000000000000002050245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:19.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe49d12d727d86ab2022-02-14 10:56:19.931root 11241100x80000000000000002050246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:19.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd93216e584f61082022-02-14 10:56:19.931root 11241100x80000000000000002050247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:19.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59ca30cddc7933b52022-02-14 10:56:19.931root 11241100x80000000000000002050248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:19.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98f009b93a3e4bd42022-02-14 10:56:19.931root 11241100x80000000000000002050249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:19.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c671cd30da8fa052022-02-14 10:56:19.931root 11241100x80000000000000002050250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:19.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81879fa319ed8f1f2022-02-14 10:56:19.931root 11241100x80000000000000002050251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:19.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf4ae33120e58efc2022-02-14 10:56:19.931root 11241100x80000000000000002050252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:19.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e71f446e0aa7d272022-02-14 10:56:19.931root 11241100x80000000000000002050253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:19.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c2a762efc518bad2022-02-14 10:56:19.932root 11241100x80000000000000002050254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:19.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.193e3bff26e09df52022-02-14 10:56:19.932root 11241100x80000000000000002050255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:19.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4148b534924176b2022-02-14 10:56:19.932root 11241100x80000000000000002050256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:19.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa70dc81f40c3f8e2022-02-14 10:56:19.932root 11241100x80000000000000002050257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:19.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08e26be805b543c92022-02-14 10:56:19.932root 11241100x80000000000000002050258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:19.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93a2de0bd51743b52022-02-14 10:56:19.932root 11241100x80000000000000002050259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:19.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.462fe594ecc6e26e2022-02-14 10:56:19.933root 11241100x80000000000000002050260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:19.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee774d07d356a4392022-02-14 10:56:19.933root 11241100x80000000000000002050261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:19.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a010b4195e28a1672022-02-14 10:56:19.933root 11241100x80000000000000002050262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:19.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81fdee9387946a532022-02-14 10:56:19.933root 11241100x80000000000000002050263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:19.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef0287d0044fd1522022-02-14 10:56:19.933root 11241100x80000000000000002050264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:20.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8857513fa07ddcfd2022-02-14 10:56:20.430root 11241100x80000000000000002050265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:20.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9a218b2aba9db742022-02-14 10:56:20.430root 11241100x80000000000000002050266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:20.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f46dbf785b35d88a2022-02-14 10:56:20.431root 11241100x80000000000000002050267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:20.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51401f25b3767c0a2022-02-14 10:56:20.431root 11241100x80000000000000002050268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:20.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b52983acffe63f592022-02-14 10:56:20.431root 11241100x80000000000000002050269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:20.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09c192d443020f8d2022-02-14 10:56:20.431root 11241100x80000000000000002050270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:20.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5531942a14ed67b42022-02-14 10:56:20.431root 11241100x80000000000000002050271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:20.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34a291b3c03cb88e2022-02-14 10:56:20.431root 11241100x80000000000000002050272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:20.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46ee59fee25e954e2022-02-14 10:56:20.431root 11241100x80000000000000002050273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:20.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e47796f91daa56712022-02-14 10:56:20.431root 11241100x80000000000000002050274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:20.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fa9cb4f7ab6acf72022-02-14 10:56:20.432root 11241100x80000000000000002050275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:20.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3de562053edc8a12022-02-14 10:56:20.432root 11241100x80000000000000002050276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:20.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f8717d0342b06212022-02-14 10:56:20.432root 11241100x80000000000000002050277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:20.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.463f41377f8b57af2022-02-14 10:56:20.432root 11241100x80000000000000002050278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:20.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.518dad97d44981472022-02-14 10:56:20.432root 11241100x80000000000000002050279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:20.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d864e483acb8bb332022-02-14 10:56:20.432root 11241100x80000000000000002050280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:20.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.764993f56e5e5a312022-02-14 10:56:20.432root 11241100x80000000000000002050281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:20.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f27607398772d0752022-02-14 10:56:20.432root 11241100x80000000000000002050282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:20.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23de7b7c41a14ef52022-02-14 10:56:20.432root 11241100x80000000000000002050283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:20.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff805146f722d3062022-02-14 10:56:20.432root 11241100x80000000000000002050284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:20.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b73eef011dae81f2022-02-14 10:56:20.433root 11241100x80000000000000002050285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:20.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.736755bac624c4182022-02-14 10:56:20.433root 11241100x80000000000000002050286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:20.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1b8cd9f13dd5ad82022-02-14 10:56:20.433root 11241100x80000000000000002050287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:20.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fc1646b6f343e692022-02-14 10:56:20.930root 11241100x80000000000000002050288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:20.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d95f60c80cbdbd62022-02-14 10:56:20.930root 11241100x80000000000000002050289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:20.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b74b461fcc12cda2022-02-14 10:56:20.931root 11241100x80000000000000002050290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:20.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.220588b00190c7142022-02-14 10:56:20.931root 11241100x80000000000000002050291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:20.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1705ca4316d9a6fc2022-02-14 10:56:20.931root 11241100x80000000000000002050292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:20.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d72bdd32f253aebb2022-02-14 10:56:20.931root 11241100x80000000000000002050293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:20.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5286dde9bf06ecb52022-02-14 10:56:20.931root 11241100x80000000000000002050294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:20.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ff7c5ad0fdccf242022-02-14 10:56:20.931root 11241100x80000000000000002050295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:20.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.303a9b7718f9d4fd2022-02-14 10:56:20.931root 11241100x80000000000000002050296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:20.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fbaa0fafdfc16a52022-02-14 10:56:20.931root 11241100x80000000000000002050297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:20.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e510e1a8f2aee942022-02-14 10:56:20.931root 11241100x80000000000000002050298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:20.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72823763ae8c73542022-02-14 10:56:20.931root 11241100x80000000000000002050299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:20.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d204e108fe7cb3b62022-02-14 10:56:20.931root 11241100x80000000000000002050300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:20.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d49dba99d74edbdd2022-02-14 10:56:20.931root 11241100x80000000000000002050301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:20.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70531fcdf5ac191c2022-02-14 10:56:20.931root 11241100x80000000000000002050302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:20.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7496e8dcd2f546a42022-02-14 10:56:20.931root 11241100x80000000000000002050303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:20.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2657c39b34bcdb612022-02-14 10:56:20.932root 11241100x80000000000000002050304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:20.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b8c40ccc444ff032022-02-14 10:56:20.932root 11241100x80000000000000002050305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:20.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf8235e43fffe9692022-02-14 10:56:20.932root 11241100x80000000000000002050306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:20.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ea1d78c7664759a2022-02-14 10:56:20.932root 11241100x80000000000000002050307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:20.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc79ef7c3719564c2022-02-14 10:56:20.932root 11241100x80000000000000002050308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:20.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.563c7a9658820e8f2022-02-14 10:56:20.932root 11241100x80000000000000002050309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:20.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f483f09e8fa839be2022-02-14 10:56:20.932root 11241100x80000000000000002050310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:21.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1afa31fbc908ed0d2022-02-14 10:56:21.430root 11241100x80000000000000002050311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:21.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dcd1b779107fe972022-02-14 10:56:21.431root 11241100x80000000000000002050312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:21.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47a87c3d479b053d2022-02-14 10:56:21.432root 11241100x80000000000000002050313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:21.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62893bb992c6daf42022-02-14 10:56:21.432root 11241100x80000000000000002050314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:21.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42447771b569ca152022-02-14 10:56:21.432root 11241100x80000000000000002050315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:21.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f40d858c0ec143412022-02-14 10:56:21.432root 11241100x80000000000000002050316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:21.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11162fbc294197e92022-02-14 10:56:21.432root 11241100x80000000000000002050317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:21.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f7749db90ad06a02022-02-14 10:56:21.432root 11241100x80000000000000002050318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:21.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e819f3b1e4bcf672022-02-14 10:56:21.432root 11241100x80000000000000002050319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:21.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5663a3b0c4025da02022-02-14 10:56:21.432root 11241100x80000000000000002050320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:21.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7c5def5c66df0b52022-02-14 10:56:21.433root 11241100x80000000000000002050321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:21.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dfd9ea562ee64472022-02-14 10:56:21.433root 11241100x80000000000000002050322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:21.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1210ade4207d3fdf2022-02-14 10:56:21.433root 11241100x80000000000000002050323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:21.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.859dd4e1f52243522022-02-14 10:56:21.433root 11241100x80000000000000002050324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:21.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b822e4da232dc45e2022-02-14 10:56:21.433root 11241100x80000000000000002050325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:21.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff2a8ab6423b17302022-02-14 10:56:21.434root 11241100x80000000000000002050326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:21.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16e9035e1d878c552022-02-14 10:56:21.434root 11241100x80000000000000002050327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:21.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0941829b51fef7892022-02-14 10:56:21.434root 11241100x80000000000000002050328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:21.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43eae199241d79c12022-02-14 10:56:21.434root 11241100x80000000000000002050329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:21.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7c0ca82264a2af42022-02-14 10:56:21.434root 11241100x80000000000000002050330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:21.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61df89b79b2deefe2022-02-14 10:56:21.434root 11241100x80000000000000002050331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:21.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ca7c23cff077d9f2022-02-14 10:56:21.434root 11241100x80000000000000002050332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:21.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc3519447faf35082022-02-14 10:56:21.434root 11241100x80000000000000002050333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:21.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.517af2ccf4667e822022-02-14 10:56:21.930root 11241100x80000000000000002050334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:21.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f7a69e2fd3afa702022-02-14 10:56:21.930root 11241100x80000000000000002050335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:21.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34a112ae20f3bc962022-02-14 10:56:21.930root 11241100x80000000000000002050336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:21.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44a3b6116476f6df2022-02-14 10:56:21.931root 11241100x80000000000000002050337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:21.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d27fa742f1efa3c02022-02-14 10:56:21.931root 11241100x80000000000000002050338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:21.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa53e84bcc3eb0952022-02-14 10:56:21.931root 11241100x80000000000000002050339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:21.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78e278b9c0adbd372022-02-14 10:56:21.931root 11241100x80000000000000002050340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:21.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4fd29f5dc80677b2022-02-14 10:56:21.931root 11241100x80000000000000002050341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:21.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f89099d8467af112022-02-14 10:56:21.931root 11241100x80000000000000002050342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:21.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40f6ef4312841d302022-02-14 10:56:21.932root 11241100x80000000000000002050343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:21.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3a2f556bb0775472022-02-14 10:56:21.932root 11241100x80000000000000002050344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:21.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4861cae0c3461f7d2022-02-14 10:56:21.932root 11241100x80000000000000002050345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:21.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9505bade99a10a5b2022-02-14 10:56:21.932root 11241100x80000000000000002050346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:21.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4675dab23dc54132022-02-14 10:56:21.932root 11241100x80000000000000002050347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:21.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d60cb19f3b7d1172022-02-14 10:56:21.933root 11241100x80000000000000002050348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:21.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a0847283201f92c2022-02-14 10:56:21.933root 11241100x80000000000000002050349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:21.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57f3b434cea2ce1b2022-02-14 10:56:21.933root 11241100x80000000000000002050350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:21.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84a4b21b455e8b902022-02-14 10:56:21.933root 11241100x80000000000000002050351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:21.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a79e9e6a846f91f02022-02-14 10:56:21.933root 11241100x80000000000000002050352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:21.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f41ed8a31a6540882022-02-14 10:56:21.933root 11241100x80000000000000002050353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:21.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d7feeb1669c31012022-02-14 10:56:21.933root 11241100x80000000000000002050354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:21.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c25edaacd56ee7352022-02-14 10:56:21.933root 11241100x80000000000000002050355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:21.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba065eebd1432d0b2022-02-14 10:56:21.933root 11241100x80000000000000002050356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:22.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.016586ba073ece8a2022-02-14 10:56:22.430root 11241100x80000000000000002050357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:22.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.907384bc48639b172022-02-14 10:56:22.430root 11241100x80000000000000002050358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:22.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af299fea387175102022-02-14 10:56:22.430root 11241100x80000000000000002050359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:22.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dfbf83ef22992322022-02-14 10:56:22.430root 11241100x80000000000000002050360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:22.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfa4a49be04314882022-02-14 10:56:22.430root 11241100x80000000000000002050361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:22.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.053f3192ee591a052022-02-14 10:56:22.430root 11241100x80000000000000002050362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:22.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf47135bc7eeaaf82022-02-14 10:56:22.430root 11241100x80000000000000002050363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:22.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecd6e350e83f8ea02022-02-14 10:56:22.431root 11241100x80000000000000002050364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:22.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21a15d9b070a198b2022-02-14 10:56:22.431root 11241100x80000000000000002050365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:22.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82bfe9bc980d356b2022-02-14 10:56:22.431root 11241100x80000000000000002050366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:22.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e325f5586587fab2022-02-14 10:56:22.431root 11241100x80000000000000002050367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:22.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a96cf0be23f777962022-02-14 10:56:22.431root 11241100x80000000000000002050368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:22.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21b653e833a10b142022-02-14 10:56:22.431root 11241100x80000000000000002050369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:22.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14f39f17fa17ba672022-02-14 10:56:22.431root 11241100x80000000000000002050370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:22.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e75b0bf39d52ad22022-02-14 10:56:22.431root 11241100x80000000000000002050371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:22.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd36df2b4705ed562022-02-14 10:56:22.431root 11241100x80000000000000002050372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:22.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bc1541f2d4f697b2022-02-14 10:56:22.431root 11241100x80000000000000002050373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:22.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83b75c65c4e736912022-02-14 10:56:22.431root 11241100x80000000000000002050374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:22.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db8c88f64efeca1c2022-02-14 10:56:22.432root 11241100x80000000000000002050375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:22.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d66334e217da0572022-02-14 10:56:22.432root 11241100x80000000000000002050376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:22.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85e8dd001ea1ef9c2022-02-14 10:56:22.432root 11241100x80000000000000002050377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:22.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.357907caf109781d2022-02-14 10:56:22.432root 11241100x80000000000000002050378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:22.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f327040f785f92512022-02-14 10:56:22.432root 11241100x80000000000000002050379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:22.929{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cb2bfe46234a7282022-02-14 10:56:22.929root 11241100x80000000000000002050380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:22.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab777240f1de1f0b2022-02-14 10:56:22.930root 11241100x80000000000000002050381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:22.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79982563b83882572022-02-14 10:56:22.930root 11241100x80000000000000002050382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:22.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e3bddc481b941452022-02-14 10:56:22.930root 11241100x80000000000000002050383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:22.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e86973094feb9ee2022-02-14 10:56:22.930root 11241100x80000000000000002050384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:22.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.797c21c2367ecf5f2022-02-14 10:56:22.930root 11241100x80000000000000002050385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:22.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9edb5664a12f4fee2022-02-14 10:56:22.930root 11241100x80000000000000002050386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:22.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6651246826431c2c2022-02-14 10:56:22.930root 11241100x80000000000000002050387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:22.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fc9e6820f569bf32022-02-14 10:56:22.930root 11241100x80000000000000002050388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:22.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22b385113bff452c2022-02-14 10:56:22.931root 11241100x80000000000000002050389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:22.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d11ee54397b142152022-02-14 10:56:22.931root 11241100x80000000000000002050390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:22.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db0ad57b970245b42022-02-14 10:56:22.931root 11241100x80000000000000002050391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:22.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c383d6c0f3624a2d2022-02-14 10:56:22.931root 11241100x80000000000000002050392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:22.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e464bef8d4f9e9eb2022-02-14 10:56:22.932root 11241100x80000000000000002050393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:22.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2ecb484053ada292022-02-14 10:56:22.932root 11241100x80000000000000002050394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:22.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.951d1444bbe937462022-02-14 10:56:22.932root 11241100x80000000000000002050395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:22.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dae34c8fca07bbb52022-02-14 10:56:22.933root 11241100x80000000000000002050396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:22.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81dbdedc493b859e2022-02-14 10:56:22.933root 11241100x80000000000000002050397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:22.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7368d703122049d2022-02-14 10:56:22.934root 11241100x80000000000000002050398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:22.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd849ae7d536412f2022-02-14 10:56:22.934root 11241100x80000000000000002050399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:22.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a7bc9729a8e318e2022-02-14 10:56:22.934root 11241100x80000000000000002050400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:22.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01c63456043fdacb2022-02-14 10:56:22.934root 11241100x80000000000000002050401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:22.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6cad7113b7f51682022-02-14 10:56:22.934root 11241100x80000000000000002050402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:22.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62a7c3b0e8a19fb42022-02-14 10:56:22.934root 11241100x80000000000000002050403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:22.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e900a52f4a2ab4c72022-02-14 10:56:22.934root 11241100x80000000000000002050404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:22.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab72eda866105e852022-02-14 10:56:22.934root 11241100x80000000000000002050405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:22.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b91ad1404de7e6e2022-02-14 10:56:22.934root 11241100x80000000000000002050406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:22.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70a922c52c21b00a2022-02-14 10:56:22.934root 11241100x80000000000000002050407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:22.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8afa1596fb6d84832022-02-14 10:56:22.934root 11241100x80000000000000002050408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:22.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc7c68c12908165f2022-02-14 10:56:22.934root 11241100x80000000000000002050409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:22.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f12cbb6ccc6c5612022-02-14 10:56:22.934root 354300x80000000000000002050410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:23.250{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54680-false10.0.1.12-8000- 11241100x80000000000000002050411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:23.251{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0abb6617ec61818e2022-02-14 10:56:23.251root 11241100x80000000000000002050412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:23.251{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c5f3d99cf87a8aa2022-02-14 10:56:23.251root 11241100x80000000000000002050413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:23.251{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55dd13b8b7d72a812022-02-14 10:56:23.251root 11241100x80000000000000002050414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:23.251{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34e2edd1fee24f432022-02-14 10:56:23.251root 11241100x80000000000000002050415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:23.251{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.475e89150bc4fd702022-02-14 10:56:23.251root 11241100x80000000000000002050416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:23.251{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.641f4524210956532022-02-14 10:56:23.251root 11241100x80000000000000002050417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:23.251{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3569598db974a35c2022-02-14 10:56:23.251root 11241100x80000000000000002050418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:23.251{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7d3d48224520dc02022-02-14 10:56:23.251root 11241100x80000000000000002050419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:23.251{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eff0830ddce76f672022-02-14 10:56:23.251root 11241100x80000000000000002050420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:23.251{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f74ac70d272aed12022-02-14 10:56:23.251root 11241100x80000000000000002050421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:23.251{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.488042cd504ccb782022-02-14 10:56:23.251root 11241100x80000000000000002050422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:23.251{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da2e07eb3656ba9e2022-02-14 10:56:23.251root 11241100x80000000000000002050423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:23.251{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dc360a9dd500b452022-02-14 10:56:23.251root 11241100x80000000000000002050424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:23.252{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b05f7be76fad58bd2022-02-14 10:56:23.252root 11241100x80000000000000002050425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:23.252{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5b84b593d4793b72022-02-14 10:56:23.252root 11241100x80000000000000002050426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:23.253{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9506790f737560462022-02-14 10:56:23.253root 11241100x80000000000000002050427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:23.253{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77d1e9fb435fcd8a2022-02-14 10:56:23.253root 11241100x80000000000000002050428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:23.253{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c294227d9895d5e72022-02-14 10:56:23.253root 11241100x80000000000000002050429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:23.253{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0260ac7e6d28eaa42022-02-14 10:56:23.253root 11241100x80000000000000002050430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:23.253{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59468a2a43453ce42022-02-14 10:56:23.253root 11241100x80000000000000002050431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:23.253{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0873ee69b82e2e1c2022-02-14 10:56:23.253root 11241100x80000000000000002050432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:23.253{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81c528c44bb9ab982022-02-14 10:56:23.253root 11241100x80000000000000002050433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:23.253{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb95f08e9f7b58bd2022-02-14 10:56:23.253root 11241100x80000000000000002050434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:23.254{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.533404dacaf547ad2022-02-14 10:56:23.254root 11241100x80000000000000002050435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:23.254{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faef6c07037cbe652022-02-14 10:56:23.254root 11241100x80000000000000002050436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:23.254{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f69ffe6e840c69c82022-02-14 10:56:23.254root 11241100x80000000000000002050437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:23.254{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99905fbf4d9ae4c02022-02-14 10:56:23.254root 11241100x80000000000000002050438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:23.254{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba08307bff1b965c2022-02-14 10:56:23.254root 11241100x80000000000000002050439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:23.254{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f02c3db5d9fba032022-02-14 10:56:23.254root 11241100x80000000000000002050440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:23.254{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c2f8e556c69b0972022-02-14 10:56:23.254root 11241100x80000000000000002050441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:23.254{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5efd5ba42aa507182022-02-14 10:56:23.254root 11241100x80000000000000002050442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:23.254{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7265ff37e49f9c3c2022-02-14 10:56:23.254root 11241100x80000000000000002050443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:23.255{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6c7fcaa650ec0fe2022-02-14 10:56:23.255root 11241100x80000000000000002050444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:23.255{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30d2dc5894fabb972022-02-14 10:56:23.255root 11241100x80000000000000002050445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:23.255{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d95b0a477f7d7132022-02-14 10:56:23.255root 11241100x80000000000000002050446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:23.255{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b8cde83f86538352022-02-14 10:56:23.255root 11241100x80000000000000002050447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:23.255{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c51e5425d06223552022-02-14 10:56:23.255root 11241100x80000000000000002050448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:23.255{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3c1204c445580ff2022-02-14 10:56:23.255root 11241100x80000000000000002050449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:23.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90770a24f47dc2812022-02-14 10:56:23.680root 11241100x80000000000000002050450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:23.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e17e7872ee410a262022-02-14 10:56:23.680root 11241100x80000000000000002050451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:23.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bea2e8d7d63a2af32022-02-14 10:56:23.680root 11241100x80000000000000002050452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:23.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.230bfda66bbdfbf22022-02-14 10:56:23.681root 11241100x80000000000000002050453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:23.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58236a176e281ec62022-02-14 10:56:23.681root 11241100x80000000000000002050454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:23.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f11ea3a1216475502022-02-14 10:56:23.681root 11241100x80000000000000002050455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:23.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af02f3821c28be142022-02-14 10:56:23.681root 11241100x80000000000000002050456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:23.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9c8a020df73eed52022-02-14 10:56:23.681root 11241100x80000000000000002050457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:23.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e0f40be1e7d58272022-02-14 10:56:23.681root 11241100x80000000000000002050458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:23.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86cc7c61369b85612022-02-14 10:56:23.682root 11241100x80000000000000002050459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:23.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca0687366bf39a0f2022-02-14 10:56:23.682root 11241100x80000000000000002050460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:23.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4a14f1b7bb8f37c2022-02-14 10:56:23.682root 11241100x80000000000000002050461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:23.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.419d8017324645e62022-02-14 10:56:23.682root 11241100x80000000000000002050462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:23.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4cba48572757f572022-02-14 10:56:23.682root 11241100x80000000000000002050463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:23.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d779cb84fc371d52022-02-14 10:56:23.682root 11241100x80000000000000002050464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:23.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.715d939f947afa9c2022-02-14 10:56:23.683root 11241100x80000000000000002050465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:23.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98174949fbef9be72022-02-14 10:56:23.683root 11241100x80000000000000002050466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:23.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18508ccfeff0ffe72022-02-14 10:56:23.683root 11241100x80000000000000002050467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:23.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9da439d080a928702022-02-14 10:56:23.683root 11241100x80000000000000002050468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:23.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42784b887d7e48ff2022-02-14 10:56:23.683root 11241100x80000000000000002050469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:23.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f6526993d40a24a2022-02-14 10:56:23.683root 11241100x80000000000000002050470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:23.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c61401d09b539e202022-02-14 10:56:23.683root 11241100x80000000000000002050471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:23.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b210e175a1edef362022-02-14 10:56:23.683root 11241100x80000000000000002050472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:23.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e8a9b424b977f812022-02-14 10:56:23.683root 11241100x80000000000000002050473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:24.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7c8ce5ed7c759ac2022-02-14 10:56:24.180root 11241100x80000000000000002050474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:24.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9e8b02c26bb944c2022-02-14 10:56:24.180root 11241100x80000000000000002050475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:24.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bf34017bb3524eb2022-02-14 10:56:24.181root 11241100x80000000000000002050476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:24.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd407550f770c2252022-02-14 10:56:24.181root 11241100x80000000000000002050477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:24.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.239bf76713b604772022-02-14 10:56:24.181root 11241100x80000000000000002050478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:24.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1168e51844ea7932022-02-14 10:56:24.181root 11241100x80000000000000002050479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:24.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f3cb3ebac9d2a792022-02-14 10:56:24.182root 11241100x80000000000000002050480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:24.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b254391618c97412022-02-14 10:56:24.182root 11241100x80000000000000002050481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:24.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48cddc80910a0d332022-02-14 10:56:24.182root 11241100x80000000000000002050482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:24.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8059a75ee9372da2022-02-14 10:56:24.182root 11241100x80000000000000002050483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:24.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40760cdb02283a872022-02-14 10:56:24.182root 11241100x80000000000000002050484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:24.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70b9a3ca23ff86d32022-02-14 10:56:24.182root 11241100x80000000000000002050485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:24.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4528d4ae919329ad2022-02-14 10:56:24.182root 11241100x80000000000000002050486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:24.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b4d3b4cec4b4a392022-02-14 10:56:24.182root 11241100x80000000000000002050487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:24.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cf74922713f63f12022-02-14 10:56:24.182root 11241100x80000000000000002050488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:24.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3e1fa58e407f8c02022-02-14 10:56:24.183root 11241100x80000000000000002050489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:24.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49c3a240e81596172022-02-14 10:56:24.183root 11241100x80000000000000002050490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:24.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2f3f1aa4c35e43f2022-02-14 10:56:24.183root 11241100x80000000000000002050491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:24.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cae1df00d4d1c122022-02-14 10:56:24.183root 11241100x80000000000000002050492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:24.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12992326b7d63beb2022-02-14 10:56:24.183root 11241100x80000000000000002050493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:24.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1ddcc87f1faee582022-02-14 10:56:24.183root 11241100x80000000000000002050494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:24.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.755941867c49dff42022-02-14 10:56:24.183root 11241100x80000000000000002050495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:24.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f36a0ac5fe0fe6b2022-02-14 10:56:24.183root 11241100x80000000000000002050496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:24.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b2cdea0effc04ba2022-02-14 10:56:24.183root 11241100x80000000000000002050497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:24.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fef2b84c5fef11022022-02-14 10:56:24.680root 11241100x80000000000000002050498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:24.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4e86b185a13434f2022-02-14 10:56:24.680root 11241100x80000000000000002050499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:24.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1bfa3a3ae31f9ee2022-02-14 10:56:24.680root 11241100x80000000000000002050500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:24.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dacdadaaac5f09e72022-02-14 10:56:24.680root 11241100x80000000000000002050501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:24.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b249e203d11547c72022-02-14 10:56:24.681root 11241100x80000000000000002050502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:24.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe877d66e3a244872022-02-14 10:56:24.681root 11241100x80000000000000002050503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:24.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32222a702804a5582022-02-14 10:56:24.681root 11241100x80000000000000002050504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:24.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34c0aec659ca06a02022-02-14 10:56:24.681root 11241100x80000000000000002050505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:24.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d1e9bb599a421942022-02-14 10:56:24.681root 11241100x80000000000000002050506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:24.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4149924491ed64882022-02-14 10:56:24.681root 11241100x80000000000000002050507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:24.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8857f78ef6d0c6d82022-02-14 10:56:24.682root 11241100x80000000000000002050508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:24.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39f721b688a893082022-02-14 10:56:24.682root 11241100x80000000000000002050509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:24.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d7a829adaabde392022-02-14 10:56:24.682root 11241100x80000000000000002050510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:24.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef2897fdb166981c2022-02-14 10:56:24.682root 11241100x80000000000000002050511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:24.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.795b9ee6160cf6832022-02-14 10:56:24.682root 11241100x80000000000000002050512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:24.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebac125b4590c7122022-02-14 10:56:24.683root 11241100x80000000000000002050513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:24.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b0ca60ed2fba1d52022-02-14 10:56:24.683root 11241100x80000000000000002050514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:24.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29e1d254af9ce6f82022-02-14 10:56:24.683root 11241100x80000000000000002050515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:24.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a825adb29bcbbb8c2022-02-14 10:56:24.683root 11241100x80000000000000002050516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:24.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cee2f1a3a97f5c42022-02-14 10:56:24.683root 11241100x80000000000000002050517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:24.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48f22735199aac8a2022-02-14 10:56:24.683root 11241100x80000000000000002050518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:24.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c708bf251dcd61592022-02-14 10:56:24.683root 11241100x80000000000000002050519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:24.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1c1c9f602c178502022-02-14 10:56:24.683root 11241100x80000000000000002050520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:24.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5059413ddff3b4a2022-02-14 10:56:24.683root 11241100x80000000000000002050521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:25.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c078f438fb21d7182022-02-14 10:56:25.180root 11241100x80000000000000002050522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:25.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edec2296b71387992022-02-14 10:56:25.180root 11241100x80000000000000002050523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:25.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cedf6d9aa91ea1672022-02-14 10:56:25.180root 11241100x80000000000000002050524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:25.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83ff293666bab2c02022-02-14 10:56:25.180root 11241100x80000000000000002050525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:25.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5e99b4a2a776eeb2022-02-14 10:56:25.180root 11241100x80000000000000002050526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:25.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eea996c9a29cdf3a2022-02-14 10:56:25.180root 11241100x80000000000000002050527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:25.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db9e8f92e5a0c2ee2022-02-14 10:56:25.180root 11241100x80000000000000002050528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:25.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf98f5fcfb2bb68a2022-02-14 10:56:25.180root 11241100x80000000000000002050529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:25.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61a57217e8aa279c2022-02-14 10:56:25.181root 11241100x80000000000000002050530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:25.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aca9395caa582cf52022-02-14 10:56:25.181root 11241100x80000000000000002050531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:25.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e20e41fc04383b0d2022-02-14 10:56:25.181root 11241100x80000000000000002050532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:25.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c95812d80fc5e7632022-02-14 10:56:25.181root 11241100x80000000000000002050533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:25.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ecb2c7ddefb5ea82022-02-14 10:56:25.182root 11241100x80000000000000002050534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:25.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa2946726e2e9ea52022-02-14 10:56:25.182root 11241100x80000000000000002050535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:25.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82aad759cb0bfc4a2022-02-14 10:56:25.182root 11241100x80000000000000002050536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:25.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c860c670990c95012022-02-14 10:56:25.182root 11241100x80000000000000002050537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:25.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2111e2e3277ac052022-02-14 10:56:25.183root 11241100x80000000000000002050538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:25.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9516ef2d543742a42022-02-14 10:56:25.183root 11241100x80000000000000002050539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:25.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.552a5ce27020b6642022-02-14 10:56:25.183root 11241100x80000000000000002050540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:25.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72f79c53ce59e6f12022-02-14 10:56:25.183root 11241100x80000000000000002050541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:25.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7e2d5fc0749c0c02022-02-14 10:56:25.184root 11241100x80000000000000002050542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:25.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.179a4a49bc0cbf5a2022-02-14 10:56:25.184root 11241100x80000000000000002050543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:25.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3714bf44c487ce702022-02-14 10:56:25.184root 11241100x80000000000000002050544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:25.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af46f8f876a2b2be2022-02-14 10:56:25.185root 11241100x80000000000000002050545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:25.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2f220b44cea86d92022-02-14 10:56:25.185root 11241100x80000000000000002050546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:25.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.353b2eb4fd43e8be2022-02-14 10:56:25.185root 11241100x80000000000000002050547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:25.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73642b3bb4b453532022-02-14 10:56:25.185root 11241100x80000000000000002050548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:25.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fda01098b67232802022-02-14 10:56:25.185root 11241100x80000000000000002050549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:25.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b63f69fe445077c82022-02-14 10:56:25.185root 11241100x80000000000000002050550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:25.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.032ad1fcb57a14842022-02-14 10:56:25.680root 11241100x80000000000000002050551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:25.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d2a895f3c4096212022-02-14 10:56:25.680root 11241100x80000000000000002050552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:25.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a66baf28c3dd83562022-02-14 10:56:25.680root 11241100x80000000000000002050553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:25.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f446d69f358656092022-02-14 10:56:25.680root 11241100x80000000000000002050554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:25.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a90316045634bcd22022-02-14 10:56:25.681root 11241100x80000000000000002050555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:25.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd427e1cc4e5cc472022-02-14 10:56:25.681root 11241100x80000000000000002050556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:25.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57e485e99aabc57b2022-02-14 10:56:25.681root 11241100x80000000000000002050557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:25.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.193f64ba3adeff352022-02-14 10:56:25.681root 11241100x80000000000000002050558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:25.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5ccecbcec8497e02022-02-14 10:56:25.681root 11241100x80000000000000002050559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:25.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec9c453034cd1aee2022-02-14 10:56:25.681root 11241100x80000000000000002050560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:25.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd65a99e920931d42022-02-14 10:56:25.682root 11241100x80000000000000002050561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:25.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e83f16a7d768c11e2022-02-14 10:56:25.682root 11241100x80000000000000002050562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:25.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8bca907efb1eced2022-02-14 10:56:25.682root 11241100x80000000000000002050563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:25.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06e5141cac1c6ba92022-02-14 10:56:25.682root 11241100x80000000000000002050564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:25.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8971aef0efb66a22022-02-14 10:56:25.683root 11241100x80000000000000002050565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:25.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25cb4250105394382022-02-14 10:56:25.683root 11241100x80000000000000002050566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:25.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e937f86d443216002022-02-14 10:56:25.683root 11241100x80000000000000002050567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:25.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae77e54cbc7cc3b12022-02-14 10:56:25.683root 11241100x80000000000000002050568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:25.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54f7468c39a3821e2022-02-14 10:56:25.683root 11241100x80000000000000002050569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:25.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3d2cbfc8cd8e2b62022-02-14 10:56:25.684root 11241100x80000000000000002050570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:25.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.011ef7ee5935b93c2022-02-14 10:56:25.685root 11241100x80000000000000002050571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:25.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1c69c8b65cb27822022-02-14 10:56:25.685root 11241100x80000000000000002050572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:25.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.056d2da47f9f419a2022-02-14 10:56:25.686root 11241100x80000000000000002050573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:25.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6cab65cc78f615b2022-02-14 10:56:25.686root 11241100x80000000000000002050574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:26.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa68e0a8cf456bc52022-02-14 10:56:26.180root 11241100x80000000000000002050575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:26.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dae7418d6673b422022-02-14 10:56:26.180root 11241100x80000000000000002050576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:26.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.243a2c5a2b1475972022-02-14 10:56:26.181root 11241100x80000000000000002050577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:26.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.267272aff06e4d652022-02-14 10:56:26.181root 11241100x80000000000000002050578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:26.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db43b131485fd0d82022-02-14 10:56:26.181root 11241100x80000000000000002050579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:26.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6307e9767120795d2022-02-14 10:56:26.181root 11241100x80000000000000002050580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:26.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.919987d0b591b04e2022-02-14 10:56:26.181root 11241100x80000000000000002050581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:26.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d2bae96393c4ec32022-02-14 10:56:26.181root 11241100x80000000000000002050582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:26.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64db1bb22dac92e82022-02-14 10:56:26.182root 11241100x80000000000000002050583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:26.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b87a101a4fe7e342022-02-14 10:56:26.182root 11241100x80000000000000002050584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:26.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.957ccf4dd9ad3f792022-02-14 10:56:26.182root 11241100x80000000000000002050585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:26.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.719d1b95c111c2042022-02-14 10:56:26.182root 11241100x80000000000000002050586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:26.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55a99163e4dbd4a52022-02-14 10:56:26.182root 11241100x80000000000000002050587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:26.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8fae0b2e04087282022-02-14 10:56:26.183root 11241100x80000000000000002050588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:26.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.def6895d42dbc7f52022-02-14 10:56:26.183root 11241100x80000000000000002050589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:26.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f673f3a495dd5832022-02-14 10:56:26.183root 11241100x80000000000000002050590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:26.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8ecee7e37fdb4db2022-02-14 10:56:26.183root 11241100x80000000000000002050591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:26.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0e81ed91f892bdc2022-02-14 10:56:26.184root 11241100x80000000000000002050592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:26.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b56d1b885fc41b92022-02-14 10:56:26.184root 11241100x80000000000000002050593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:26.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1661afffa5eaa30a2022-02-14 10:56:26.184root 11241100x80000000000000002050594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:26.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bb9ae479f7b11c62022-02-14 10:56:26.185root 11241100x80000000000000002050595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:26.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5443439a86ee2fc2022-02-14 10:56:26.185root 11241100x80000000000000002050596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:26.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66996397459db89b2022-02-14 10:56:26.185root 11241100x80000000000000002050597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:26.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ba5a2bbe21258fa2022-02-14 10:56:26.185root 11241100x80000000000000002050598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:26.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.156953f9cb56ee4c2022-02-14 10:56:26.680root 11241100x80000000000000002050599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:26.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50e48414a3220a782022-02-14 10:56:26.680root 11241100x80000000000000002050600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:26.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85c9c65c0769935a2022-02-14 10:56:26.681root 11241100x80000000000000002050601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:26.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.100d71dc4fc908842022-02-14 10:56:26.681root 11241100x80000000000000002050602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:26.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f34d4f5b7a2a7b952022-02-14 10:56:26.681root 11241100x80000000000000002050603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:26.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11776c10934ea6702022-02-14 10:56:26.681root 11241100x80000000000000002050604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:26.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4766623d62a23bf2022-02-14 10:56:26.682root 11241100x80000000000000002050605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:26.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93e840795477f05b2022-02-14 10:56:26.682root 11241100x80000000000000002050606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:26.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0024ef120fdd1bd2022-02-14 10:56:26.682root 11241100x80000000000000002050607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:26.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.136a5ead0616b00f2022-02-14 10:56:26.683root 11241100x80000000000000002050608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:26.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b50aacec143a6ced2022-02-14 10:56:26.683root 11241100x80000000000000002050609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:26.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f661388c297fd1122022-02-14 10:56:26.683root 11241100x80000000000000002050610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:26.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.934101b4bdf1a20c2022-02-14 10:56:26.683root 11241100x80000000000000002050611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:26.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b456953d571a16d2022-02-14 10:56:26.684root 11241100x80000000000000002050612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:26.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.092119c2ea9698e02022-02-14 10:56:26.685root 11241100x80000000000000002050613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:26.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b752ec585b955f52022-02-14 10:56:26.685root 11241100x80000000000000002050614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:26.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2386bc88ac0995a32022-02-14 10:56:26.685root 11241100x80000000000000002050615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:26.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5acbb9491d00f472022-02-14 10:56:26.686root 11241100x80000000000000002050616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:26.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97a5d73c9cc063a32022-02-14 10:56:26.687root 11241100x80000000000000002050617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:26.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.560eae577368d3fa2022-02-14 10:56:26.687root 11241100x80000000000000002050618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:26.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.015971c3867d288c2022-02-14 10:56:26.687root 11241100x80000000000000002050619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:26.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aed4fa56b9c124b22022-02-14 10:56:26.687root 11241100x80000000000000002050620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:26.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2091deedf580701d2022-02-14 10:56:26.688root 11241100x80000000000000002050621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:26.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.990c3bed0bf861842022-02-14 10:56:26.688root 11241100x80000000000000002050622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:27.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f68fdeec29b6b2e52022-02-14 10:56:27.180root 11241100x80000000000000002050623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:27.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49fe4786f53e289b2022-02-14 10:56:27.180root 11241100x80000000000000002050624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:27.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.442335d6f3e4ab802022-02-14 10:56:27.180root 11241100x80000000000000002050625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:27.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.102a641950e303a02022-02-14 10:56:27.181root 11241100x80000000000000002050626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:27.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dd7cd915a223cef2022-02-14 10:56:27.181root 11241100x80000000000000002050627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:27.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd445c2b1863100a2022-02-14 10:56:27.181root 11241100x80000000000000002050628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:27.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68c7911d514472452022-02-14 10:56:27.181root 11241100x80000000000000002050629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:27.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.806c2d739d0f29162022-02-14 10:56:27.181root 11241100x80000000000000002050630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:27.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da3f310172807df62022-02-14 10:56:27.182root 11241100x80000000000000002050631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:27.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5d7e5740463d1eb2022-02-14 10:56:27.182root 11241100x80000000000000002050632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:27.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae0245ac2e7603232022-02-14 10:56:27.182root 11241100x80000000000000002050633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:27.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daa8b9740fcf3c372022-02-14 10:56:27.182root 11241100x80000000000000002050634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:27.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b54485e06da4e852022-02-14 10:56:27.182root 11241100x80000000000000002050635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:27.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dff7074692a370302022-02-14 10:56:27.182root 11241100x80000000000000002050636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:27.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aefdab476181d2c2022-02-14 10:56:27.182root 11241100x80000000000000002050637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:27.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbfe82e16906269c2022-02-14 10:56:27.183root 11241100x80000000000000002050638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:27.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.713550f670dad5c02022-02-14 10:56:27.183root 11241100x80000000000000002050639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:27.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ba0d1c1db28b81e2022-02-14 10:56:27.183root 11241100x80000000000000002050640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:27.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14bd457aa73ebdea2022-02-14 10:56:27.183root 11241100x80000000000000002050641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:27.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28069354a7aabdec2022-02-14 10:56:27.183root 11241100x80000000000000002050642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:27.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0b4f1bc943c0daf2022-02-14 10:56:27.183root 11241100x80000000000000002050643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:27.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3564e3621397bfd22022-02-14 10:56:27.183root 11241100x80000000000000002050644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:27.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0879ed5e3b7249ef2022-02-14 10:56:27.183root 11241100x80000000000000002050645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:27.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a5d2c2a59c20ecb2022-02-14 10:56:27.183root 11241100x80000000000000002050646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:27.689{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b55be68fbf1311e2022-02-14 10:56:27.689root 11241100x80000000000000002050647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:27.689{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2f46b54f915f5002022-02-14 10:56:27.689root 11241100x80000000000000002050648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:27.690{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30a033aa38bda44e2022-02-14 10:56:27.690root 11241100x80000000000000002050649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:27.690{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7963d2d6701788c2022-02-14 10:56:27.690root 11241100x80000000000000002050650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:27.690{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7e61aaae930e42e2022-02-14 10:56:27.690root 11241100x80000000000000002050651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:27.690{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d763a9cbeb2a78e32022-02-14 10:56:27.690root 11241100x80000000000000002050652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:27.690{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f15e4ab74f46681e2022-02-14 10:56:27.690root 11241100x80000000000000002050653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:27.691{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5f5fe94dadea2202022-02-14 10:56:27.691root 11241100x80000000000000002050654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:27.691{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fe8347e581af6a82022-02-14 10:56:27.691root 11241100x80000000000000002050655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:27.691{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a03b407d69a799862022-02-14 10:56:27.691root 11241100x80000000000000002050656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:27.692{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.891cec40a68660d02022-02-14 10:56:27.692root 11241100x80000000000000002050657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:27.692{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.390a107473c97bd92022-02-14 10:56:27.692root 11241100x80000000000000002050658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:27.692{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeb2fcb4012ee69e2022-02-14 10:56:27.692root 11241100x80000000000000002050659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:27.692{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59fb74c4078ddd062022-02-14 10:56:27.692root 11241100x80000000000000002050660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:27.692{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13b4ccae39cf57aa2022-02-14 10:56:27.692root 11241100x80000000000000002050661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:27.692{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74a7ddd01c6df68a2022-02-14 10:56:27.692root 11241100x80000000000000002050662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:27.692{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8469e2bdb2a486d2022-02-14 10:56:27.692root 11241100x80000000000000002050663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:27.692{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72a7b2e4551a4aab2022-02-14 10:56:27.692root 11241100x80000000000000002050664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:27.692{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9130db543699d8d12022-02-14 10:56:27.692root 11241100x80000000000000002050665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:27.692{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60fede388ba689b62022-02-14 10:56:27.692root 11241100x80000000000000002050666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:27.692{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e24c0d988e72675d2022-02-14 10:56:27.692root 11241100x80000000000000002050667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:27.692{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51a9f26a5c79ca272022-02-14 10:56:27.692root 11241100x80000000000000002050668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:27.693{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e664faae7dc2609d2022-02-14 10:56:27.693root 11241100x80000000000000002050669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:27.693{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5110726741f8c512022-02-14 10:56:27.693root 11241100x80000000000000002050670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:28.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aa7ce2224e342312022-02-14 10:56:28.180root 11241100x80000000000000002050671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:28.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0ee44096bae2a562022-02-14 10:56:28.180root 11241100x80000000000000002050672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:28.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c205ca8dc22e31c2022-02-14 10:56:28.180root 11241100x80000000000000002050673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:28.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce6acfb6a243f9ea2022-02-14 10:56:28.180root 11241100x80000000000000002050674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:28.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f72c377a25000b1e2022-02-14 10:56:28.181root 11241100x80000000000000002050675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:28.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9590cdcaf55982672022-02-14 10:56:28.181root 11241100x80000000000000002050676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:28.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bcf00638adb53322022-02-14 10:56:28.181root 11241100x80000000000000002050677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:28.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.515fdcf97dd942cd2022-02-14 10:56:28.181root 11241100x80000000000000002050678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:28.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a24875b821b6e62e2022-02-14 10:56:28.181root 11241100x80000000000000002050679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:28.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.811831ff76b5946e2022-02-14 10:56:28.181root 11241100x80000000000000002050680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:28.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.792a56a71c404ec42022-02-14 10:56:28.181root 11241100x80000000000000002050681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:28.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f521e05de3669982022-02-14 10:56:28.182root 11241100x80000000000000002050682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:28.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.467f678a15e2ed592022-02-14 10:56:28.182root 11241100x80000000000000002050683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:28.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff275b0df343420a2022-02-14 10:56:28.182root 11241100x80000000000000002050684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:28.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d1cb5abdc275ad62022-02-14 10:56:28.182root 11241100x80000000000000002050685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:28.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dd87fcfd5851fb52022-02-14 10:56:28.182root 11241100x80000000000000002050686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:28.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.277327ab3150d65f2022-02-14 10:56:28.182root 11241100x80000000000000002050687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:28.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0936698ac2e6bd202022-02-14 10:56:28.182root 11241100x80000000000000002050688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:28.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c627a6d304c41efa2022-02-14 10:56:28.182root 11241100x80000000000000002050689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:28.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a50f8a50838ee1be2022-02-14 10:56:28.183root 11241100x80000000000000002050690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:28.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ceb28a629c3ed652022-02-14 10:56:28.183root 11241100x80000000000000002050691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:28.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c24013cf645a1c8b2022-02-14 10:56:28.183root 11241100x80000000000000002050692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:28.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e326ec84f1cc0462022-02-14 10:56:28.183root 11241100x80000000000000002050693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:28.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2546b0d3bf8f0d122022-02-14 10:56:28.183root 11241100x80000000000000002050694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:28.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48e15d791e9524ac2022-02-14 10:56:28.680root 11241100x80000000000000002050695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:28.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99f30aeaf25e46112022-02-14 10:56:28.680root 11241100x80000000000000002050696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:28.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61514fa15962f5692022-02-14 10:56:28.680root 11241100x80000000000000002050697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:28.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13f59705306554182022-02-14 10:56:28.680root 11241100x80000000000000002050698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:28.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d922095320d6400d2022-02-14 10:56:28.681root 11241100x80000000000000002050699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:28.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef718250a9fea0262022-02-14 10:56:28.681root 11241100x80000000000000002050700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:28.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34951fffac4911e62022-02-14 10:56:28.681root 11241100x80000000000000002050701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:28.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a96f439f58f077c52022-02-14 10:56:28.681root 11241100x80000000000000002050702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:28.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab8a3f66628878da2022-02-14 10:56:28.681root 11241100x80000000000000002050703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:28.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9a42da4fbd001882022-02-14 10:56:28.681root 11241100x80000000000000002050704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:28.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4da962f82095ca652022-02-14 10:56:28.682root 11241100x80000000000000002050705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:28.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f65def84fc40c3462022-02-14 10:56:28.682root 11241100x80000000000000002050706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:28.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65c397488a0825ba2022-02-14 10:56:28.682root 11241100x80000000000000002050707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:28.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bd6793ca5c1a91d2022-02-14 10:56:28.682root 11241100x80000000000000002050708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:28.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7cccb23826992382022-02-14 10:56:28.682root 11241100x80000000000000002050709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:28.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fa5d41a6f9125462022-02-14 10:56:28.682root 11241100x80000000000000002050710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:28.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06e1698642f0c7892022-02-14 10:56:28.682root 11241100x80000000000000002050711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:28.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84f16e5a03079cc52022-02-14 10:56:28.682root 11241100x80000000000000002050712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:28.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85c2cbd4f16807ee2022-02-14 10:56:28.682root 11241100x80000000000000002050713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:28.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83b0e9b0f59f9a132022-02-14 10:56:28.683root 11241100x80000000000000002050714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:28.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13807d32e7ae1eb62022-02-14 10:56:28.683root 11241100x80000000000000002050715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:28.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73d449be00cf4dcc2022-02-14 10:56:28.684root 11241100x80000000000000002050716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:28.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d76d7763f4a3ea0d2022-02-14 10:56:28.684root 11241100x80000000000000002050717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:28.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d1a4421c99d05d52022-02-14 10:56:28.684root 354300x80000000000000002050718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:29.132{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54682-false10.0.1.12-8000- 11241100x80000000000000002050719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:29.132{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e2bad600da9c4c02022-02-14 10:56:29.132root 11241100x80000000000000002050720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:29.133{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e37add02ef87ff62022-02-14 10:56:29.133root 11241100x80000000000000002050721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:29.133{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e59825feccb80e3d2022-02-14 10:56:29.133root 11241100x80000000000000002050722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:29.133{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f8aa9bf24f7503c2022-02-14 10:56:29.133root 11241100x80000000000000002050723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:29.133{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb2adc15b4fbf25a2022-02-14 10:56:29.133root 11241100x80000000000000002050724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:29.133{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9aa0ff094b06d662022-02-14 10:56:29.133root 11241100x80000000000000002050725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:29.134{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b14ae73121a175e02022-02-14 10:56:29.134root 11241100x80000000000000002050726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:29.134{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e838d50171ccf4602022-02-14 10:56:29.134root 11241100x80000000000000002050727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:29.134{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17577867118ab3502022-02-14 10:56:29.134root 11241100x80000000000000002050728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:29.134{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f06252cdde64d1632022-02-14 10:56:29.134root 11241100x80000000000000002050729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:29.135{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06abbf948861b97a2022-02-14 10:56:29.135root 11241100x80000000000000002050730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:29.135{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86f5e4246c1a4d752022-02-14 10:56:29.135root 11241100x80000000000000002050731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:29.135{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e345ad1b0a029d32022-02-14 10:56:29.135root 11241100x80000000000000002050732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:29.135{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fc87f562e5eb9e42022-02-14 10:56:29.135root 11241100x80000000000000002050733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:29.135{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b994b5b9549dfda12022-02-14 10:56:29.135root 11241100x80000000000000002050734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:29.135{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44ffd75743e1e76d2022-02-14 10:56:29.135root 11241100x80000000000000002050735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:29.135{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e045438ec4845212022-02-14 10:56:29.135root 11241100x80000000000000002050736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:29.135{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a6acae1eeb615f52022-02-14 10:56:29.135root 11241100x80000000000000002050737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:29.136{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffa244a3d15650ba2022-02-14 10:56:29.136root 11241100x80000000000000002050738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:29.136{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5914b0ff7ff2fe772022-02-14 10:56:29.136root 11241100x80000000000000002050739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:29.136{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1903c3b609eb6fec2022-02-14 10:56:29.136root 11241100x80000000000000002050740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:29.136{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cf476b64813aa332022-02-14 10:56:29.136root 11241100x80000000000000002050741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:29.136{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8884808a5048e08d2022-02-14 10:56:29.136root 11241100x80000000000000002050742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:29.136{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cab4c27b12aa297c2022-02-14 10:56:29.136root 11241100x80000000000000002050743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:29.136{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d334da811b7d5862022-02-14 10:56:29.136root 11241100x80000000000000002050744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:29.136{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.380d9f42a3e5a6ea2022-02-14 10:56:29.136root 11241100x80000000000000002050745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:29.137{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48ec0fcf9c18358a2022-02-14 10:56:29.137root 11241100x80000000000000002050746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:29.138{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f46e8782328a0a6c2022-02-14 10:56:29.138root 11241100x80000000000000002050747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:29.138{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b68ab4046aab37192022-02-14 10:56:29.138root 11241100x80000000000000002050748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:29.138{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.825832642b6b28002022-02-14 10:56:29.138root 11241100x80000000000000002050749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:29.139{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fff940dd6b940f712022-02-14 10:56:29.139root 11241100x80000000000000002050750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:29.139{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0890f0ed081548a2022-02-14 10:56:29.139root 11241100x80000000000000002050751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:29.139{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4ec07fc827aecef2022-02-14 10:56:29.139root 11241100x80000000000000002050752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:29.139{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8f94d58190cab142022-02-14 10:56:29.139root 11241100x80000000000000002050753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:29.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e6e76066ccde9942022-02-14 10:56:29.430root 11241100x80000000000000002050754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:29.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb0da5595293af502022-02-14 10:56:29.430root 11241100x80000000000000002050755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:29.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5bac1a5ec81472e2022-02-14 10:56:29.430root 11241100x80000000000000002050756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:29.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49a4cf6eb9a39e9c2022-02-14 10:56:29.430root 11241100x80000000000000002050757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:29.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd81bea5a862a0ba2022-02-14 10:56:29.430root 11241100x80000000000000002050758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:29.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5604c0d0970a30532022-02-14 10:56:29.431root 11241100x80000000000000002050759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:29.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14d2288e75226f2d2022-02-14 10:56:29.431root 11241100x80000000000000002050760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:29.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fa39c399a4c0f1f2022-02-14 10:56:29.431root 11241100x80000000000000002050761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:29.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b47d0c7203ce3972022-02-14 10:56:29.431root 11241100x80000000000000002050762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:29.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a105c10fc45d8c552022-02-14 10:56:29.431root 11241100x80000000000000002050763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:29.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50303f2e521957cb2022-02-14 10:56:29.431root 11241100x80000000000000002050764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:29.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99cca74a72e1967d2022-02-14 10:56:29.431root 11241100x80000000000000002050765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:29.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf3f4c3b6cac10622022-02-14 10:56:29.432root 11241100x80000000000000002050766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:29.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32e139fd386c40322022-02-14 10:56:29.432root 11241100x80000000000000002050767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:29.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2c6fa8a2e8247e02022-02-14 10:56:29.432root 11241100x80000000000000002050768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:29.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cffc7c56de82e0b2022-02-14 10:56:29.432root 11241100x80000000000000002050769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:29.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7dd7f2000e98a742022-02-14 10:56:29.432root 11241100x80000000000000002050770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:29.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caa944c78092123b2022-02-14 10:56:29.432root 11241100x80000000000000002050771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:29.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af1a87d759ca5fa72022-02-14 10:56:29.432root 11241100x80000000000000002050772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:29.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f365442c224fb6f12022-02-14 10:56:29.432root 11241100x80000000000000002050773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:29.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a65d13c608ab2fa2022-02-14 10:56:29.432root 11241100x80000000000000002050774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:29.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d06a941a7d108d172022-02-14 10:56:29.432root 11241100x80000000000000002050775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:29.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b2b4c9ec5f4757d2022-02-14 10:56:29.433root 11241100x80000000000000002050776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:29.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aac3778c3c2adcb2022-02-14 10:56:29.433root 11241100x80000000000000002050777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:29.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c1726a16a4c6d762022-02-14 10:56:29.433root 11241100x80000000000000002050778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:29.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5738bd00f3b01bc12022-02-14 10:56:29.433root 11241100x80000000000000002050779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:29.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebefb19f809f5ca12022-02-14 10:56:29.433root 11241100x80000000000000002050780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:29.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdcff29e69d11a4d2022-02-14 10:56:29.433root 11241100x80000000000000002050781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:29.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07acbe748fa926d92022-02-14 10:56:29.433root 11241100x80000000000000002050782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:29.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a4bd0475b7814e32022-02-14 10:56:29.433root 11241100x80000000000000002050783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:29.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afa065020bb1abe12022-02-14 10:56:29.433root 11241100x80000000000000002050784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:29.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4f185f3f12d3f4f2022-02-14 10:56:29.930root 11241100x80000000000000002050785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:29.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d5fad12ba692eeb2022-02-14 10:56:29.931root 11241100x80000000000000002050786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:29.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68cb5c7486d0aa722022-02-14 10:56:29.931root 11241100x80000000000000002050787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:29.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c77efdd08f333a262022-02-14 10:56:29.931root 11241100x80000000000000002050788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:29.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04f80d7070900e2b2022-02-14 10:56:29.931root 11241100x80000000000000002050789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:29.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99555e95669ef5722022-02-14 10:56:29.931root 11241100x80000000000000002050790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:29.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e8523c99c82b36e2022-02-14 10:56:29.931root 11241100x80000000000000002050791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:29.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdcc8b6f6678117d2022-02-14 10:56:29.931root 11241100x80000000000000002050792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:29.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b61ff25732d699c82022-02-14 10:56:29.932root 11241100x80000000000000002050793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:29.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d90d1908e13262352022-02-14 10:56:29.932root 11241100x80000000000000002050794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:29.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.205616dc6be692ab2022-02-14 10:56:29.932root 11241100x80000000000000002050795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:29.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6113853f893cafe32022-02-14 10:56:29.932root 11241100x80000000000000002050796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:29.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3a7a34599a40a692022-02-14 10:56:29.933root 11241100x80000000000000002050797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:29.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad73cf43bddeaf642022-02-14 10:56:29.933root 11241100x80000000000000002050798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:29.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fdd66d3cb42d0452022-02-14 10:56:29.933root 11241100x80000000000000002050799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:29.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d2ca6698524f3082022-02-14 10:56:29.933root 11241100x80000000000000002050800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:29.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09275d18d5c6eae82022-02-14 10:56:29.933root 11241100x80000000000000002050801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:29.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7860ef8f611e93d72022-02-14 10:56:29.933root 11241100x80000000000000002050802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:29.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68fd488865b589932022-02-14 10:56:29.933root 11241100x80000000000000002050803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:29.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d765c2a2c47135c02022-02-14 10:56:29.933root 11241100x80000000000000002050804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:29.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5bcd2673a9d67112022-02-14 10:56:29.933root 11241100x80000000000000002050805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:29.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.538326debf9b67da2022-02-14 10:56:29.934root 11241100x80000000000000002050806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:29.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3d1d1e3649eec3c2022-02-14 10:56:29.934root 11241100x80000000000000002050807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:29.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cab85dcacd0efbd2022-02-14 10:56:29.934root 11241100x80000000000000002050808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:29.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.368b69ce1a0eee232022-02-14 10:56:29.934root 11241100x80000000000000002050809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:30.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9783e9dfb691f4b92022-02-14 10:56:30.430root 11241100x80000000000000002050810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:30.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f40266c31c4883b2022-02-14 10:56:30.430root 11241100x80000000000000002050811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:30.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5157ff6d4bb48f8f2022-02-14 10:56:30.430root 11241100x80000000000000002050812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:30.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c868b66d536b6282022-02-14 10:56:30.430root 11241100x80000000000000002050813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:30.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b49f024daded658e2022-02-14 10:56:30.430root 11241100x80000000000000002050814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:30.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4493f96f405be3342022-02-14 10:56:30.430root 11241100x80000000000000002050815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:30.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07afb3700d8f604a2022-02-14 10:56:30.430root 23542300x80000000000000002050844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:43.017{ec2ab09f-1002-620a-3078-922c7d550000}1328root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x80000000000000002050845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:43.429{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b513afbb385dbbe2022-02-14 10:56:43.429root 11241100x80000000000000002050846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:43.929{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32685c64d7f5488e2022-02-14 10:56:43.929root 11241100x80000000000000002050847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:44.429{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6974e04469f71a172022-02-14 10:56:44.429root 11241100x80000000000000002050848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:44.929{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.954815e5c51288f02022-02-14 10:56:44.929root 354300x80000000000000002050849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:45.157{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54688-false10.0.1.12-8000- 11241100x80000000000000002050850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:45.429{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffaf03c688372fe42022-02-14 10:56:45.429root 11241100x80000000000000002050851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:45.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b438bc7560e832602022-02-14 10:56:45.430root 11241100x80000000000000002050852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:45.929{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96c20d009633ac632022-02-14 10:56:45.929root 11241100x80000000000000002050853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:45.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.054e3af4ed4288b22022-02-14 10:56:45.930root 154100x80000000000000002050854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:46.055{ec2ab09f-356e-620a-6864-96b08b550000}2407/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2ab09f-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}871--- 534500x80000000000000002050855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:46.071{ec2ab09f-356e-620a-6864-96b08b550000}2407/bin/psroot 11241100x80000000000000002050856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:46.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fa6238915d7b37f2022-02-14 10:56:46.430root 11241100x80000000000000002050857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:46.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dfbb07868c298592022-02-14 10:56:46.430root 11241100x80000000000000002050858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:46.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd088dc373f46e8a2022-02-14 10:56:46.430root 11241100x80000000000000002050859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:46.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29abca03b22067a92022-02-14 10:56:46.430root 11241100x80000000000000002050860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:46.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1801e18d820824cc2022-02-14 10:56:46.930root 11241100x80000000000000002050861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:46.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab4baaa3be6e1ed72022-02-14 10:56:46.930root 11241100x80000000000000002050862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:46.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cb39ccda6cc42192022-02-14 10:56:46.930root 11241100x80000000000000002050863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:46.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22b1c496bb67efff2022-02-14 10:56:46.930root 11241100x80000000000000002050864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:47.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e07423bdb377d61d2022-02-14 10:56:47.430root 11241100x80000000000000002050865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:47.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.489756e3bf641e852022-02-14 10:56:47.430root 11241100x80000000000000002050866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:47.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5e4bc5a78ad29cc2022-02-14 10:56:47.430root 11241100x80000000000000002050867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:47.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7062cd3d5a8ff1e2022-02-14 10:56:47.430root 11241100x80000000000000002050868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:47.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62c793bcad3007a92022-02-14 10:56:47.930root 11241100x80000000000000002050869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:47.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.160a52e0038b2dab2022-02-14 10:56:47.930root 11241100x80000000000000002050870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:47.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eac6aff901175782022-02-14 10:56:47.930root 11241100x80000000000000002050871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:47.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ff2480b9990befd2022-02-14 10:56:47.930root 11241100x80000000000000002050872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:48.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b91c087030df29d72022-02-14 10:56:48.430root 11241100x80000000000000002050873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:48.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.707435a19acb18ff2022-02-14 10:56:48.430root 11241100x80000000000000002050874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:48.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de304176f082fb3a2022-02-14 10:56:48.430root 11241100x80000000000000002050875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:48.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ba8c5412a2879fd2022-02-14 10:56:48.430root 11241100x80000000000000002050876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:48.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0e88e0835b077822022-02-14 10:56:48.930root 11241100x80000000000000002050877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:48.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.934048aeaccbf2ac2022-02-14 10:56:48.930root 11241100x80000000000000002050878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:48.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46dd47656d407c382022-02-14 10:56:48.930root 11241100x80000000000000002050879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:48.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8d01cc9ff0bf4192022-02-14 10:56:48.930root 11241100x80000000000000002050880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:49.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12217893b86634602022-02-14 10:56:49.430root 11241100x80000000000000002050881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:49.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b354cea7e53798f2022-02-14 10:56:49.430root 11241100x80000000000000002050882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:49.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de684e9ccd1b89792022-02-14 10:56:49.431root 11241100x80000000000000002050883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:49.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0932b30d4074c8e2022-02-14 10:56:49.431root 11241100x80000000000000002050884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:49.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d62cd1ebc1b1161f2022-02-14 10:56:49.930root 11241100x80000000000000002050885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:49.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.273512660b2e17ac2022-02-14 10:56:49.930root 11241100x80000000000000002050886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:49.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8982b3d95ea869492022-02-14 10:56:49.930root 11241100x80000000000000002050887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:49.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbb91a89f5d935362022-02-14 10:56:49.930root 11241100x80000000000000002050888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:50.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1520ef2d44c6f1a62022-02-14 10:56:50.430root 11241100x80000000000000002050889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:50.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c2590f24a060b4d2022-02-14 10:56:50.430root 11241100x80000000000000002050890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:50.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.129d857afdfe827f2022-02-14 10:56:50.430root 11241100x80000000000000002050891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:50.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be07e447599369842022-02-14 10:56:50.430root 11241100x80000000000000002050892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:50.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3227566c551ba24d2022-02-14 10:56:50.930root 11241100x80000000000000002050893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:50.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ed96a9bd050c4e92022-02-14 10:56:50.930root 11241100x80000000000000002050894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:50.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e04fc271a992d8b12022-02-14 10:56:50.930root 11241100x80000000000000002050895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:50.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88cb374fe683faf32022-02-14 10:56:50.930root 354300x80000000000000002050896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:51.066{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54690-false10.0.1.12-8000- 11241100x80000000000000002050897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:51.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22ba88a01edc07222022-02-14 10:56:51.430root 11241100x80000000000000002050898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:51.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45cd78e3335efa432022-02-14 10:56:51.431root 11241100x80000000000000002050899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:51.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11828e6311f33a832022-02-14 10:56:51.431root 11241100x80000000000000002050900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:51.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcef846cfb7c43fa2022-02-14 10:56:51.432root 11241100x80000000000000002050901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:51.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bced4975c6be6262022-02-14 10:56:51.432root 11241100x80000000000000002050902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:51.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feda1dc45635be8e2022-02-14 10:56:51.930root 11241100x80000000000000002050903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:51.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a11513f95037313c2022-02-14 10:56:51.930root 11241100x80000000000000002050904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:51.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d65949857c051f32022-02-14 10:56:51.930root 11241100x80000000000000002050905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:51.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bff9c992f58530202022-02-14 10:56:51.930root 11241100x80000000000000002050906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:51.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7252877eeec84f12022-02-14 10:56:51.931root 11241100x80000000000000002050907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:52.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0faa3a894b7562fa2022-02-14 10:56:52.430root 11241100x80000000000000002050908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:52.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2cdf1fb40249c862022-02-14 10:56:52.430root 11241100x80000000000000002050909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:52.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.578afd49d4106dd62022-02-14 10:56:52.430root 11241100x80000000000000002050910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:52.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6472adc22f7de8d72022-02-14 10:56:52.430root 11241100x80000000000000002050911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:52.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.102587bb9f8641952022-02-14 10:56:52.431root 11241100x80000000000000002050912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:52.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b81a514908db5ce92022-02-14 10:56:52.930root 11241100x80000000000000002050913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:52.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1198aef74069bd52022-02-14 10:56:52.930root 11241100x80000000000000002050914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:52.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc485bacf2b0d4622022-02-14 10:56:52.930root 11241100x80000000000000002050915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:52.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe1f5d90d052be8c2022-02-14 10:56:52.930root 11241100x80000000000000002050916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:52.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a88a8b3e52ba74f2022-02-14 10:56:52.930root 11241100x80000000000000002050917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:53.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f226096f264e41972022-02-14 10:56:53.430root 11241100x80000000000000002050918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:53.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.235daa24096a60a92022-02-14 10:56:53.430root 11241100x80000000000000002050919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:53.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85c7472766865e4c2022-02-14 10:56:53.430root 11241100x80000000000000002050920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:53.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2d8a0782fc0016c2022-02-14 10:56:53.430root 11241100x80000000000000002050921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:53.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d01161ce3bfab512022-02-14 10:56:53.431root 11241100x80000000000000002050922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:53.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d27729aa431fb1542022-02-14 10:56:53.930root 11241100x80000000000000002050923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:53.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d91c6c221a5f0f872022-02-14 10:56:53.930root 11241100x80000000000000002050924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:53.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4501d956a130ef4f2022-02-14 10:56:53.930root 11241100x80000000000000002050925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:53.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed2bb6df98216f442022-02-14 10:56:53.930root 11241100x80000000000000002050926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:53.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66acfeb6cc88f4762022-02-14 10:56:53.930root 11241100x80000000000000002050927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:54.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cd9fae7968727442022-02-14 10:56:54.431root 11241100x80000000000000002050928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:54.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ad37e44ad2a76262022-02-14 10:56:54.431root 11241100x80000000000000002050929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:54.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc1e5c91dfaa92ce2022-02-14 10:56:54.431root 11241100x80000000000000002050930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:54.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f539cb0551b597c02022-02-14 10:56:54.431root 11241100x80000000000000002050931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:54.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15555d6846f25df62022-02-14 10:56:54.432root 11241100x80000000000000002050932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:54.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be3a8abc3bdf801e2022-02-14 10:56:54.930root 11241100x80000000000000002050933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:54.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b00eb36cbedfdfb22022-02-14 10:56:54.930root 11241100x80000000000000002050934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:54.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.699d58c6e37c6eb12022-02-14 10:56:54.930root 11241100x80000000000000002050935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:54.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.905815fc584e76a02022-02-14 10:56:54.930root 11241100x80000000000000002050936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:54.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9909e9daf3db3782022-02-14 10:56:54.930root 11241100x80000000000000002050937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:55.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20bfe5a9227e52412022-02-14 10:56:55.430root 11241100x80000000000000002050938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:55.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec7d7ccf0f2100ae2022-02-14 10:56:55.430root 11241100x80000000000000002050939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:55.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13418a42d6e867722022-02-14 10:56:55.430root 11241100x80000000000000002050940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:55.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e620f592edab8962022-02-14 10:56:55.430root 11241100x80000000000000002050941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:55.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbcf7fb560d57c882022-02-14 10:56:55.430root 11241100x80000000000000002050942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:55.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83ff399714a37dad2022-02-14 10:56:55.930root 11241100x80000000000000002050943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:55.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b1cd4a60e0c76922022-02-14 10:56:55.930root 11241100x80000000000000002050944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:55.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de036dc39d813d452022-02-14 10:56:55.930root 11241100x80000000000000002050945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:55.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b49bf6775931db72022-02-14 10:56:55.930root 11241100x80000000000000002050946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:55.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca1c02f527d47e912022-02-14 10:56:55.930root 354300x80000000000000002050947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:56.136{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54692-false10.0.1.12-8000- 11241100x80000000000000002050948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:56.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eef31ce603976912022-02-14 10:56:56.430root 11241100x80000000000000002050949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:56.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cf9b059a11cd9e62022-02-14 10:56:56.430root 11241100x80000000000000002050950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:56.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14214328b0b8848a2022-02-14 10:56:56.430root 11241100x80000000000000002050951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:56.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d2eca65c45e5d9d2022-02-14 10:56:56.430root 11241100x80000000000000002050952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:56.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a344d29a730f3f02022-02-14 10:56:56.430root 11241100x80000000000000002050953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:56.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67aa23caf58202192022-02-14 10:56:56.430root 11241100x80000000000000002050954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:56.929{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd7b12ffafcba1f42022-02-14 10:56:56.929root 11241100x80000000000000002050955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:56.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73c5e88efe7b26972022-02-14 10:56:56.930root 11241100x80000000000000002050956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:56.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.345607d775cf981b2022-02-14 10:56:56.930root 11241100x80000000000000002050957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:56.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.538b7bf03bd4f56d2022-02-14 10:56:56.930root 11241100x80000000000000002050958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:56.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8cc5ca4b7371c1b2022-02-14 10:56:56.930root 11241100x80000000000000002050959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:56.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e33385524f8545ac2022-02-14 10:56:56.930root 11241100x80000000000000002050960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:57.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1be1fef4bc059fa92022-02-14 10:56:57.430root 11241100x80000000000000002050961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:57.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68ec9613e6ec35962022-02-14 10:56:57.430root 11241100x80000000000000002050962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:57.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ed51a8597a56eb22022-02-14 10:56:57.430root 11241100x80000000000000002050963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:57.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19eaa2728aae34822022-02-14 10:56:57.430root 11241100x80000000000000002050964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:57.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97cf8ce399bccf3e2022-02-14 10:56:57.430root 11241100x80000000000000002050965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:57.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a91604195bb4c25a2022-02-14 10:56:57.430root 11241100x80000000000000002050966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:57.929{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.871524397ef479902022-02-14 10:56:57.929root 11241100x80000000000000002050967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:57.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b018fae2b760e552022-02-14 10:56:57.930root 11241100x80000000000000002050968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:57.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98999eec3bbbeb152022-02-14 10:56:57.930root 11241100x80000000000000002050969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:57.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8a8032d7e3c130c2022-02-14 10:56:57.931root 11241100x80000000000000002050970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:57.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2eb19b02170af7b2022-02-14 10:56:57.931root 11241100x80000000000000002050971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:57.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.380aed82e89de2882022-02-14 10:56:57.931root 11241100x80000000000000002050972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:58.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96c4cb4277149f2c2022-02-14 10:56:58.430root 11241100x80000000000000002050973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:58.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.256c2943cdc72b8f2022-02-14 10:56:58.430root 11241100x80000000000000002050974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:58.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7df03c8774881a092022-02-14 10:56:58.430root 11241100x80000000000000002050975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:58.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0646c879c0363a172022-02-14 10:56:58.430root 11241100x80000000000000002050976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:58.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.920e9d122764e5452022-02-14 10:56:58.430root 11241100x80000000000000002050977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:58.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39b33795fd131ee32022-02-14 10:56:58.430root 11241100x80000000000000002050978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:58.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85a640e66711dc682022-02-14 10:56:58.930root 11241100x80000000000000002050979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:58.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89c9876a8adaba492022-02-14 10:56:58.930root 11241100x80000000000000002050980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:58.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3d434eb22dd95ef2022-02-14 10:56:58.930root 11241100x80000000000000002050981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:58.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d95d00a26662a6832022-02-14 10:56:58.930root 11241100x80000000000000002050982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:58.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac7964ee67d303ff2022-02-14 10:56:58.930root 11241100x80000000000000002050983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:58.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10cdc6aa4556111e2022-02-14 10:56:58.930root 11241100x80000000000000002050984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:59.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb83aa0084a08d392022-02-14 10:56:59.430root 11241100x80000000000000002050985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:59.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.754ba8cd324380252022-02-14 10:56:59.430root 11241100x80000000000000002050986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:59.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d43ed9f2201af772022-02-14 10:56:59.430root 11241100x80000000000000002050987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:59.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02fb053b87a06b562022-02-14 10:56:59.430root 11241100x80000000000000002050988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:59.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeeb940d5a4174612022-02-14 10:56:59.430root 11241100x80000000000000002050989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:59.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b1854419c32e8b82022-02-14 10:56:59.430root 11241100x80000000000000002050990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:59.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2642c1fbdb80be72022-02-14 10:56:59.930root 11241100x80000000000000002050991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:59.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6b1504f7cfe78cb2022-02-14 10:56:59.930root 11241100x80000000000000002050992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:59.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77a05cc7700a9b682022-02-14 10:56:59.930root 11241100x80000000000000002050993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:59.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b709fc70d456bf1a2022-02-14 10:56:59.930root 11241100x80000000000000002050994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:59.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a68f063f1839b1f2022-02-14 10:56:59.930root 11241100x80000000000000002050995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:56:59.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.869e83713e1aaa2c2022-02-14 10:56:59.930root 11241100x80000000000000002050996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:00.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b23a34373a8086172022-02-14 10:57:00.430root 11241100x80000000000000002050997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:00.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cba775c526daf312022-02-14 10:57:00.430root 11241100x80000000000000002050998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:00.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33665c92e8b679852022-02-14 10:57:00.430root 11241100x80000000000000002050999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:00.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40e50d26483ccd972022-02-14 10:57:00.430root 11241100x80000000000000002051000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:00.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8002e9243a167f0e2022-02-14 10:57:00.430root 11241100x80000000000000002051001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:00.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a0e3c856b8d82d12022-02-14 10:57:00.430root 11241100x80000000000000002051002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:00.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14eecfc7d84a3ce92022-02-14 10:57:00.930root 11241100x80000000000000002051003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:00.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c71f14981a3f61562022-02-14 10:57:00.930root 11241100x80000000000000002051004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:00.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73982533d6f45b7e2022-02-14 10:57:00.930root 11241100x80000000000000002051005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:00.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.165eb011aa9450932022-02-14 10:57:00.930root 11241100x80000000000000002051006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:00.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72acb0831426281d2022-02-14 10:57:00.930root 11241100x80000000000000002051007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:00.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acab68dd83757e4c2022-02-14 10:57:00.930root 354300x80000000000000002051008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:01.194{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54694-false10.0.1.12-8000- 11241100x80000000000000002051009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:01.195{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80feb5b2f407105a2022-02-14 10:57:01.195root 11241100x80000000000000002051010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:01.195{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ff36a348c0f638f2022-02-14 10:57:01.195root 11241100x80000000000000002051011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:01.195{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cf2e04fb3839b0a2022-02-14 10:57:01.195root 11241100x80000000000000002051012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:01.195{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa822442558c2ba42022-02-14 10:57:01.195root 11241100x80000000000000002051013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:01.195{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78d4adaa91cde7c32022-02-14 10:57:01.195root 11241100x80000000000000002051014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:01.195{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92089b6735aa5a552022-02-14 10:57:01.195root 11241100x80000000000000002051015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:01.195{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06e3733b875965662022-02-14 10:57:01.195root 11241100x80000000000000002051016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:01.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c3e6e9f563072442022-02-14 10:57:01.680root 11241100x80000000000000002051017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:01.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eba0f1122adc2812022-02-14 10:57:01.680root 11241100x80000000000000002051018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:01.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb4daa2f877c3b7f2022-02-14 10:57:01.680root 11241100x80000000000000002051019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:01.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbc52d6af98a55692022-02-14 10:57:01.680root 11241100x80000000000000002051020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:01.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65b535e4e94386582022-02-14 10:57:01.680root 11241100x80000000000000002051021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:01.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd883c2f5a2f37df2022-02-14 10:57:01.680root 11241100x80000000000000002051022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:01.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e8647b52ca3d3822022-02-14 10:57:01.680root 11241100x80000000000000002051023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:02.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.268a40f505d0fad82022-02-14 10:57:02.180root 11241100x80000000000000002051024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:02.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c722a80da31eac532022-02-14 10:57:02.180root 11241100x80000000000000002051025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:02.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8af5a5918eb5b8a2022-02-14 10:57:02.180root 11241100x80000000000000002051026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:02.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f754811ce8786d432022-02-14 10:57:02.181root 11241100x80000000000000002051027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:02.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4ff85d3507204e62022-02-14 10:57:02.181root 11241100x80000000000000002051028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:02.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.372b5e92fd464efc2022-02-14 10:57:02.181root 11241100x80000000000000002051029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:02.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3caabe3a57141cb2022-02-14 10:57:02.181root 11241100x80000000000000002051030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:02.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f087e3c908c72dd12022-02-14 10:57:02.680root 11241100x80000000000000002051031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:02.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c4a794a545d5fa22022-02-14 10:57:02.680root 11241100x80000000000000002051032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:02.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70c9319f59ddc4bd2022-02-14 10:57:02.680root 11241100x80000000000000002051033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:02.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0d3edc6e798c07d2022-02-14 10:57:02.680root 11241100x80000000000000002051034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:02.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41a9a9ee3a3272252022-02-14 10:57:02.681root 11241100x80000000000000002051035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:02.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.485f108baa16e6fb2022-02-14 10:57:02.681root 11241100x80000000000000002051036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:02.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72033ed9ce7cbef92022-02-14 10:57:02.681root 11241100x80000000000000002051037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:03.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14d0ad6520cc28d42022-02-14 10:57:03.180root 11241100x80000000000000002051038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:03.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf00803f9b775d7c2022-02-14 10:57:03.180root 11241100x80000000000000002051039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:03.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.819470c50bd41bcd2022-02-14 10:57:03.180root 11241100x80000000000000002051040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:03.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bc0186f66b77a642022-02-14 10:57:03.181root 11241100x80000000000000002051041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:03.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ae5c8c39422f8962022-02-14 10:57:03.181root 11241100x80000000000000002051042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:03.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf6ae681f93df2202022-02-14 10:57:03.181root 11241100x80000000000000002051043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:03.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87f37d4f43a7adbc2022-02-14 10:57:03.181root 11241100x80000000000000002051044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:03.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ba4abce2ac9b4942022-02-14 10:57:03.680root 11241100x80000000000000002051045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:03.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7838f9e0f57ba15f2022-02-14 10:57:03.680root 11241100x80000000000000002051046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:03.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d00cf4e6aaa49f82022-02-14 10:57:03.680root 11241100x80000000000000002051047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:03.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a14beafb50bcd3c2022-02-14 10:57:03.680root 11241100x80000000000000002051048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:03.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9743a0f1c426216e2022-02-14 10:57:03.681root 11241100x80000000000000002051049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:03.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a64c7102bebace0b2022-02-14 10:57:03.681root 11241100x80000000000000002051050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:03.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88bd8796a270b12d2022-02-14 10:57:03.681root 11241100x80000000000000002051051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:04.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7940d42cae1aa8532022-02-14 10:57:04.180root 11241100x80000000000000002051052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:04.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39387754bf346f2e2022-02-14 10:57:04.180root 11241100x80000000000000002051053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:04.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adc892ebca26f77c2022-02-14 10:57:04.180root 11241100x80000000000000002051054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:04.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.907a8ec66dd0cc192022-02-14 10:57:04.180root 11241100x80000000000000002051055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:04.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.502288f0326b32ed2022-02-14 10:57:04.181root 11241100x80000000000000002051056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:04.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c161b205bd185d02022-02-14 10:57:04.181root 11241100x80000000000000002051057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:04.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0273341b000723062022-02-14 10:57:04.181root 11241100x80000000000000002051058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:04.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd3de4103f6464fe2022-02-14 10:57:04.680root 11241100x80000000000000002051059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:04.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6ccd3d596eaf9d82022-02-14 10:57:04.680root 11241100x80000000000000002051060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:04.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db09746726dcd3fd2022-02-14 10:57:04.680root 11241100x80000000000000002051061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:04.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e52584225aec53032022-02-14 10:57:04.681root 11241100x80000000000000002051062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:04.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.315f8d8021385b8e2022-02-14 10:57:04.681root 11241100x80000000000000002051063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:04.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28b6ad1270cd65372022-02-14 10:57:04.681root 11241100x80000000000000002051064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:04.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c71168fe4ec385f22022-02-14 10:57:04.682root 11241100x80000000000000002051065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:05.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f49e41ac662c56c72022-02-14 10:57:05.180root 11241100x80000000000000002051066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:05.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a99e03354de91f92022-02-14 10:57:05.180root 11241100x80000000000000002051067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:05.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc35f54851a26f6d2022-02-14 10:57:05.180root 11241100x80000000000000002051068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:05.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c74f785d261466372022-02-14 10:57:05.180root 11241100x80000000000000002051069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:05.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.741db57cf55e15ac2022-02-14 10:57:05.182root 11241100x80000000000000002051070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:05.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba2f4ffee54fcfb52022-02-14 10:57:05.183root 11241100x80000000000000002051071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:05.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76418ace0448b79e2022-02-14 10:57:05.183root 11241100x80000000000000002051072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:05.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.252c755db3de29e22022-02-14 10:57:05.680root 11241100x80000000000000002051073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:05.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.916971a9b8136aa92022-02-14 10:57:05.680root 11241100x80000000000000002051074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:05.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2478c849fa0191c2022-02-14 10:57:05.680root 11241100x80000000000000002051075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:05.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f9bb6193b569b6b2022-02-14 10:57:05.680root 11241100x80000000000000002051076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:05.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.501a1a32f416489d2022-02-14 10:57:05.681root 11241100x80000000000000002051077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:05.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64cc68e26db10d862022-02-14 10:57:05.681root 11241100x80000000000000002051078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:05.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.158594f8c6d0eb2e2022-02-14 10:57:05.681root 11241100x80000000000000002051079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:06.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9841cc760f689f5e2022-02-14 10:57:06.180root 11241100x80000000000000002051080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:06.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9236e6ba51a5e3de2022-02-14 10:57:06.180root 11241100x80000000000000002051081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:06.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.557fede9a6f0d7782022-02-14 10:57:06.180root 11241100x80000000000000002051082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:06.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec1675795282e0292022-02-14 10:57:06.181root 11241100x80000000000000002051083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:06.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4190a179c44079e22022-02-14 10:57:06.181root 11241100x80000000000000002051084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:06.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7d7ff319124b00f2022-02-14 10:57:06.181root 11241100x80000000000000002051085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:06.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00a407fcfb6ac28a2022-02-14 10:57:06.183root 354300x80000000000000002051086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:06.201{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54696-false10.0.1.12-8000- 11241100x80000000000000002051087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:06.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f68f20d8b7309512022-02-14 10:57:06.680root 11241100x80000000000000002051088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:06.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abe46060a19b49212022-02-14 10:57:06.680root 11241100x80000000000000002051089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:06.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b134679e0f4d31a2022-02-14 10:57:06.680root 11241100x80000000000000002051090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:06.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de395bdb9453eb4e2022-02-14 10:57:06.680root 11241100x80000000000000002051091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:06.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bdc9644a0181db72022-02-14 10:57:06.680root 11241100x80000000000000002051092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:06.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbcded82a0563d302022-02-14 10:57:06.680root 11241100x80000000000000002051093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:06.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d69a6b705dcbccb2022-02-14 10:57:06.681root 11241100x80000000000000002051094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:06.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31647a70b63e750a2022-02-14 10:57:06.681root 11241100x80000000000000002051095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:07.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc3651494bdfa3e32022-02-14 10:57:07.180root 11241100x80000000000000002051096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:07.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a8f49e2ee59162f2022-02-14 10:57:07.180root 11241100x80000000000000002051097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:07.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a1abcf4c184d9c02022-02-14 10:57:07.180root 11241100x80000000000000002051098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:07.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73d096be59327d5e2022-02-14 10:57:07.180root 11241100x80000000000000002051099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:07.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86ad3274561838d52022-02-14 10:57:07.180root 11241100x80000000000000002051100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:07.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbf759e122c118782022-02-14 10:57:07.180root 11241100x80000000000000002051101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:07.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.760e7dd5d65bf18a2022-02-14 10:57:07.181root 11241100x80000000000000002051102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:07.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.393ffe7a45a56bb52022-02-14 10:57:07.181root 11241100x80000000000000002051103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:07.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.636e17ba2ca470af2022-02-14 10:57:07.680root 11241100x80000000000000002051104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:07.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05ec4af797583f3a2022-02-14 10:57:07.680root 11241100x80000000000000002051105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:07.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cbc521dbc64543c2022-02-14 10:57:07.681root 11241100x80000000000000002051106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:07.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.204a259d1aaa275e2022-02-14 10:57:07.681root 11241100x80000000000000002051107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:07.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1638b2a24c568a42022-02-14 10:57:07.681root 11241100x80000000000000002051108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:07.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4110b92fce5994462022-02-14 10:57:07.681root 11241100x80000000000000002051109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:07.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eec9cd7e450027f2022-02-14 10:57:07.682root 11241100x80000000000000002051110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:07.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3ff4dd0a92d0a8b2022-02-14 10:57:07.682root 11241100x80000000000000002051111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:08.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07cb487ce00e0a6d2022-02-14 10:57:08.180root 11241100x80000000000000002051112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:08.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31d29aeb4f81e4212022-02-14 10:57:08.180root 11241100x80000000000000002051113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:08.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b66177a4aa49ca3c2022-02-14 10:57:08.180root 11241100x80000000000000002051114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:08.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7781e6f829361dda2022-02-14 10:57:08.181root 11241100x80000000000000002051115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:08.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3185782991d22402022-02-14 10:57:08.181root 11241100x80000000000000002051116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:08.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eba77c4197250b52022-02-14 10:57:08.181root 11241100x80000000000000002051117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:08.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1802d45bfe243d822022-02-14 10:57:08.181root 11241100x80000000000000002051118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:08.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd366507781abc612022-02-14 10:57:08.182root 11241100x80000000000000002051119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:08.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36dfeb75c28237a32022-02-14 10:57:08.680root 11241100x80000000000000002051120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:08.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14a9e33edf2a318e2022-02-14 10:57:08.680root 11241100x80000000000000002051121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:08.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcb78b18e43c8fed2022-02-14 10:57:08.680root 11241100x80000000000000002051122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:08.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c6e96fd5fa213b32022-02-14 10:57:08.681root 11241100x80000000000000002051123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:08.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48b636fd7a3e6cd52022-02-14 10:57:08.681root 11241100x80000000000000002051124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:08.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.075193011e70f4e22022-02-14 10:57:08.681root 11241100x80000000000000002051125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:08.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f08b7c78a0ff80672022-02-14 10:57:08.681root 11241100x80000000000000002051126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:08.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.478962bbfe54b0532022-02-14 10:57:08.681root 11241100x80000000000000002051127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:09.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a543f20f0328d6932022-02-14 10:57:09.180root 11241100x80000000000000002051128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:09.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b00f4d864d5ab662022-02-14 10:57:09.180root 11241100x80000000000000002051129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:09.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76cbea158301bb202022-02-14 10:57:09.180root 11241100x80000000000000002051130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:09.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b72667a86292d0b2022-02-14 10:57:09.180root 11241100x80000000000000002051131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:09.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd2b48d2b6d7ca2f2022-02-14 10:57:09.180root 11241100x80000000000000002051132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:09.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22755f206595469e2022-02-14 10:57:09.180root 11241100x80000000000000002051133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:09.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77772b93894713db2022-02-14 10:57:09.180root 11241100x80000000000000002051134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:09.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33f20838819019122022-02-14 10:57:09.180root 11241100x80000000000000002051135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:09.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f10ba7b842d58832022-02-14 10:57:09.680root 11241100x80000000000000002051136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:09.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff8d107c8931d4362022-02-14 10:57:09.680root 11241100x80000000000000002051137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:09.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8936b1bdca52412e2022-02-14 10:57:09.680root 11241100x80000000000000002051138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:09.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b018449f629e09a02022-02-14 10:57:09.680root 11241100x80000000000000002051139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:09.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f098781baf4c5b72022-02-14 10:57:09.680root 11241100x80000000000000002051140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:09.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cccac766afdd857a2022-02-14 10:57:09.680root 11241100x80000000000000002051141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:09.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6f90f0c3e1c62862022-02-14 10:57:09.680root 11241100x80000000000000002051142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:09.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3c97106c5e8da8d2022-02-14 10:57:09.680root 11241100x80000000000000002051143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:10.015{ec2ab09f-1002-620a-3078-922c7d550000}1328/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2022-02-14 10:57:10.015root 11241100x80000000000000002051144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:10.017{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27895a19d16c10dc2022-02-14 10:57:10.017root 11241100x80000000000000002051145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:10.017{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.749ffe6f2fe3c0202022-02-14 10:57:10.017root 11241100x80000000000000002051146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:10.017{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38ca98ec0c9592312022-02-14 10:57:10.017root 11241100x80000000000000002051147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:10.017{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c40ad576350d48aa2022-02-14 10:57:10.017root 11241100x80000000000000002051148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:10.017{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bab3abd239d2d8b2022-02-14 10:57:10.017root 11241100x80000000000000002051149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:10.018{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.210f9d3f4fc706622022-02-14 10:57:10.018root 11241100x80000000000000002051150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:10.018{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41934c250e7aef8b2022-02-14 10:57:10.018root 11241100x80000000000000002051151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:10.018{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68c823cebbecf7d72022-02-14 10:57:10.018root 11241100x80000000000000002051152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:10.018{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e4d00c448c1c3b32022-02-14 10:57:10.018root 11241100x80000000000000002051153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:10.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3f8e62df4185dfc2022-02-14 10:57:10.430root 11241100x80000000000000002051154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:10.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70029e6f028c78b62022-02-14 10:57:10.430root 11241100x80000000000000002051155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:10.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92fa3d0bfd8bd4c62022-02-14 10:57:10.430root 11241100x80000000000000002051156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:10.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5c6d6d1278872952022-02-14 10:57:10.430root 11241100x80000000000000002051157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:10.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da9d6ac0ca9b32702022-02-14 10:57:10.430root 11241100x80000000000000002051158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:10.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23b3af9678195b4a2022-02-14 10:57:10.431root 11241100x80000000000000002051159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:10.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b8d74ad63fd23652022-02-14 10:57:10.431root 11241100x80000000000000002051160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:10.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99ed9b5ddad67cfa2022-02-14 10:57:10.431root 11241100x80000000000000002051161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:10.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c42b8877639d9782022-02-14 10:57:10.431root 11241100x80000000000000002051162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:10.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.748596d10003ea882022-02-14 10:57:10.930root 11241100x80000000000000002051163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:10.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39de230857b7e3b62022-02-14 10:57:10.930root 11241100x80000000000000002051164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:10.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68a748237ad2965a2022-02-14 10:57:10.930root 11241100x80000000000000002051165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:10.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.552c6a832c2bd4112022-02-14 10:57:10.930root 11241100x80000000000000002051166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:10.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4433b56e6bb7f062022-02-14 10:57:10.930root 11241100x80000000000000002051167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:10.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64403b3f9f628f492022-02-14 10:57:10.930root 11241100x80000000000000002051168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:10.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3493f37f516959472022-02-14 10:57:10.930root 11241100x80000000000000002051169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:10.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.986329d7e15587622022-02-14 10:57:10.931root 11241100x80000000000000002051170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:10.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59a89dd04dd03db52022-02-14 10:57:10.931root 354300x80000000000000002051171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:11.089{ec2ab09f-1002-620a-3078-922c7d550000}1328/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.20-58186-false10.0.1.12-8089- 11241100x80000000000000002051172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:11.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8301b4e1571794342022-02-14 10:57:11.430root 11241100x80000000000000002051173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:11.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81ff401b9898d57b2022-02-14 10:57:11.430root 11241100x80000000000000002051174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:11.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5b02c501b6cb8b02022-02-14 10:57:11.430root 11241100x80000000000000002051175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:11.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3a81a5d936761b22022-02-14 10:57:11.430root 11241100x80000000000000002051176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:11.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf3412099b846a3d2022-02-14 10:57:11.430root 11241100x80000000000000002051177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:11.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25c19b0e89bd38a42022-02-14 10:57:11.430root 11241100x80000000000000002051178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:11.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6e805319a14f69e2022-02-14 10:57:11.431root 11241100x80000000000000002051179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:11.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a25b35947895b8ef2022-02-14 10:57:11.431root 11241100x80000000000000002051180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:11.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4d99aa6d49b917c2022-02-14 10:57:11.431root 11241100x80000000000000002051181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:11.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34d1d68dfe0491232022-02-14 10:57:11.431root 11241100x80000000000000002051182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:11.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9f2ba10ac810cfa2022-02-14 10:57:11.930root 11241100x80000000000000002051183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:11.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d4e86f91f38b06a2022-02-14 10:57:11.930root 11241100x80000000000000002051184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:11.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.342d30d3e74e34ad2022-02-14 10:57:11.930root 11241100x80000000000000002051185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:11.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf3e9ed7af713f732022-02-14 10:57:11.930root 11241100x80000000000000002051186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:11.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d4e23e6a982a0e02022-02-14 10:57:11.930root 11241100x80000000000000002051187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:11.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8589d1f2ed75ac522022-02-14 10:57:11.931root 11241100x80000000000000002051188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:11.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75780b899adda7c22022-02-14 10:57:11.931root 11241100x80000000000000002051189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:11.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.220a2f850217f9942022-02-14 10:57:11.931root 11241100x80000000000000002051190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:11.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10f902467be921492022-02-14 10:57:11.931root 11241100x80000000000000002051191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:11.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddfd33b71d9aec0b2022-02-14 10:57:11.931root 354300x80000000000000002051192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:12.137{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54700-false10.0.1.12-8000- 11241100x80000000000000002051193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:12.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3b536fbd82f3bfc2022-02-14 10:57:12.430root 11241100x80000000000000002051194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:12.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.377e6cf96551b0de2022-02-14 10:57:12.430root 11241100x80000000000000002051195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:12.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2023c8fd173cf33a2022-02-14 10:57:12.430root 11241100x80000000000000002051196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:12.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81fc8ef5221ce2b82022-02-14 10:57:12.430root 11241100x80000000000000002051197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:12.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc9c4c42649a2a7c2022-02-14 10:57:12.430root 11241100x80000000000000002051198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:12.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6993f1a9a8583f5a2022-02-14 10:57:12.431root 11241100x80000000000000002051199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:12.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e12d434123f1e7d2022-02-14 10:57:12.431root 11241100x80000000000000002051200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:12.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d183631f7d3419e2022-02-14 10:57:12.431root 11241100x80000000000000002051201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:12.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7bd4d07e7eec5002022-02-14 10:57:12.431root 11241100x80000000000000002051202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:12.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9a0c0019cc1f5a82022-02-14 10:57:12.431root 11241100x80000000000000002051203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:12.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7496f6861b2b9c202022-02-14 10:57:12.431root 11241100x80000000000000002051204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:12.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcfad2206f1b46792022-02-14 10:57:12.930root 11241100x80000000000000002051205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:12.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8940e271cad695d92022-02-14 10:57:12.930root 11241100x80000000000000002051206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:12.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49c82ea94fa644322022-02-14 10:57:12.930root 11241100x80000000000000002051207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:12.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1fa4b35d9a5d0022022-02-14 10:57:12.930root 11241100x80000000000000002051208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:12.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5f658fbe8e3e7092022-02-14 10:57:12.930root 11241100x80000000000000002051209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:12.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b064a8062c81cfa2022-02-14 10:57:12.931root 11241100x80000000000000002051210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:12.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfe5cda56ac93a722022-02-14 10:57:12.931root 11241100x80000000000000002051211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:12.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a3ae1d88549a01f2022-02-14 10:57:12.931root 11241100x80000000000000002051212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:12.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e8c911698763cd32022-02-14 10:57:12.931root 11241100x80000000000000002051213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:12.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61b11ca62e9ee7be2022-02-14 10:57:12.932root 11241100x80000000000000002051214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:12.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a956b6d44595bcf72022-02-14 10:57:12.932root 23542300x80000000000000002051215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:13.016{ec2ab09f-1002-620a-3078-922c7d550000}1328root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x80000000000000002051216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:13.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a47eb973c787d09d2022-02-14 10:57:13.430root 11241100x80000000000000002051217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:13.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07220835b03146642022-02-14 10:57:13.430root 11241100x80000000000000002051218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:13.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4dce692c82ef9dd2022-02-14 10:57:13.430root 11241100x80000000000000002051219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:13.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9bdd552cd8f6f7a2022-02-14 10:57:13.431root 11241100x80000000000000002051220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:13.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.418ca45706f36f502022-02-14 10:57:13.431root 11241100x80000000000000002051221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:13.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b984e418a4e8e432022-02-14 10:57:13.431root 11241100x80000000000000002051222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:13.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ec2e4abb99093eb2022-02-14 10:57:13.431root 11241100x80000000000000002051223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:13.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d6d3009c390234c2022-02-14 10:57:13.432root 11241100x80000000000000002051224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:13.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b47209cc549631f2022-02-14 10:57:13.432root 11241100x80000000000000002051225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:13.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d831f30fe8aa481f2022-02-14 10:57:13.432root 11241100x80000000000000002051226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:13.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d44a9a6306c9a3522022-02-14 10:57:13.433root 11241100x80000000000000002051227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:13.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc96bcd376f08bd12022-02-14 10:57:13.433root 11241100x80000000000000002051228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:13.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66158e86a9e215d22022-02-14 10:57:13.930root 11241100x80000000000000002051229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:13.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f2658a6d14482e22022-02-14 10:57:13.930root 11241100x80000000000000002051230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:13.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c5811b0b6aa12b72022-02-14 10:57:13.930root 11241100x80000000000000002051231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:13.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39e2e140306e464f2022-02-14 10:57:13.930root 11241100x80000000000000002051232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:13.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c559ed9a6890c8352022-02-14 10:57:13.930root 11241100x80000000000000002051233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:13.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccce3dbea5ab39e52022-02-14 10:57:13.931root 11241100x80000000000000002051234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:13.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a65064b755b358782022-02-14 10:57:13.931root 11241100x80000000000000002051235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:13.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b671cc1b09241732022-02-14 10:57:13.931root 11241100x80000000000000002051236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:13.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89474626be64e6b12022-02-14 10:57:13.931root 11241100x80000000000000002051237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:13.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.805bd7d2a472147d2022-02-14 10:57:13.931root 11241100x80000000000000002051238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:13.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23cd9f8324db287f2022-02-14 10:57:13.932root 11241100x80000000000000002051239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:13.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d7ec83d9304a9822022-02-14 10:57:13.932root 11241100x80000000000000002051240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:14.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0395f67c0122a1052022-02-14 10:57:14.430root 11241100x80000000000000002051241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:14.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dcd89e771fe97312022-02-14 10:57:14.430root 11241100x80000000000000002051242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:14.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1da1b9359f0991312022-02-14 10:57:14.430root 11241100x80000000000000002051243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:14.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b62743083b3e56032022-02-14 10:57:14.430root 11241100x80000000000000002051244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:14.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c18c6e794e27415a2022-02-14 10:57:14.430root 11241100x80000000000000002051245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:14.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f47e05d5600ace372022-02-14 10:57:14.431root 11241100x80000000000000002051246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:14.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7296f34a1d698e32022-02-14 10:57:14.431root 11241100x80000000000000002051247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:14.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e9eb094647bf0052022-02-14 10:57:14.431root 11241100x80000000000000002051248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:14.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c12e3f4a5c1ab9e72022-02-14 10:57:14.431root 11241100x80000000000000002051249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:14.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86a178eb9a54fca02022-02-14 10:57:14.431root 11241100x80000000000000002051250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:14.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bd7a696428236122022-02-14 10:57:14.431root 11241100x80000000000000002051251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:14.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25a78d8044e9a78b2022-02-14 10:57:14.431root 354300x80000000000000002051252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:14.634{ec2ab09f-1000-620a-e067-89babe550000}1006/usr/sbin/sshdroottcpfalsefalse218.65.178.184-42472-false10.0.1.20-22- 11241100x80000000000000002051253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:14.634{ec2ab09f-358a-620a-0000-000000000000}2408/usr/sbin/sshd/proc/2408/oom_score_adj2022-02-14 10:57:14.634root 154100x80000000000000002051254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:14.634{ec2ab09f-358a-620a-e017-479f0e560000}2408/usr/sbin/sshd-----/usr/sbin/sshd -D -R/root{ec2ab09f-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}1006--- 534500x80000000000000002051255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:14.848{ec2ab09f-358a-620a-e017-479f0e560000}2408/usr/sbin/sshdroot 11241100x80000000000000002051256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:14.849{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a50a91035147eb32022-02-14 10:57:14.849root 11241100x80000000000000002051257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:14.849{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66b8e48fdd1395342022-02-14 10:57:14.849root 11241100x80000000000000002051258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:14.849{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee0983e2f62bf7002022-02-14 10:57:14.849root 11241100x80000000000000002051259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:14.849{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb713c97f55fb1d82022-02-14 10:57:14.849root 11241100x80000000000000002051260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:14.850{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e49b75070f33aec2022-02-14 10:57:14.850root 11241100x80000000000000002051261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:14.850{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14a701b2e9d1985a2022-02-14 10:57:14.850root 11241100x80000000000000002051262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:14.850{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea1ebf9b0ccb700e2022-02-14 10:57:14.850root 11241100x80000000000000002051263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:14.850{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e3273653169ef8b2022-02-14 10:57:14.850root 11241100x80000000000000002051264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:14.850{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8c5dcd53cd5d9c22022-02-14 10:57:14.850root 11241100x80000000000000002051265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:14.850{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4e951cedf6c5dd92022-02-14 10:57:14.850root 11241100x80000000000000002051266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:14.850{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efc54e46853d5a9c2022-02-14 10:57:14.850root 11241100x80000000000000002051267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:14.850{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cc09f7d9ba302512022-02-14 10:57:14.850root 11241100x80000000000000002051268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:14.850{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fabf9e8454d620a82022-02-14 10:57:14.850root 11241100x80000000000000002051269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:14.850{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e988c3cf839ce8502022-02-14 10:57:14.850root 11241100x80000000000000002051270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:14.850{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4ef86ab21c695b92022-02-14 10:57:14.850root 11241100x80000000000000002051271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:14.850{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc192276362c86a42022-02-14 10:57:14.850root 11241100x80000000000000002051272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:15.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.addeceddf1e724d12022-02-14 10:57:15.180root 11241100x80000000000000002051273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:15.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dc5fde0f346f0612022-02-14 10:57:15.180root 11241100x80000000000000002051274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:15.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6af58babf8990e72022-02-14 10:57:15.180root 11241100x80000000000000002051275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:15.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4cd99f4b8a0cee72022-02-14 10:57:15.180root 11241100x80000000000000002051276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:15.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef6e0dd37b26dc972022-02-14 10:57:15.181root 11241100x80000000000000002051277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:15.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b294569548c3c0e2022-02-14 10:57:15.181root 11241100x80000000000000002051278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:15.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e51b3240ab4bff8a2022-02-14 10:57:15.181root 11241100x80000000000000002051279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:15.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ea1f9f9fe1fad702022-02-14 10:57:15.181root 11241100x80000000000000002051280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:15.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccbcf9c3a9f8d8842022-02-14 10:57:15.181root 11241100x80000000000000002051281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:15.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5537d8c1badd9a7e2022-02-14 10:57:15.181root 11241100x80000000000000002051282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:15.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f85059676c20a242022-02-14 10:57:15.181root 11241100x80000000000000002051283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:15.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be15e536d044786d2022-02-14 10:57:15.181root 11241100x80000000000000002051284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:15.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75bf14a3340953d02022-02-14 10:57:15.181root 11241100x80000000000000002051285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:15.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fceb42ba3bcd1e0f2022-02-14 10:57:15.182root 11241100x80000000000000002051286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:15.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86067cb6a41bf8d42022-02-14 10:57:15.182root 11241100x80000000000000002051287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:15.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97b684acfed5332e2022-02-14 10:57:15.182root 11241100x80000000000000002051288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:15.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97f7c4e0cd84e59b2022-02-14 10:57:15.680root 11241100x80000000000000002051289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:15.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c46989c9dc0ac4182022-02-14 10:57:15.680root 11241100x80000000000000002051290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:15.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8075a1000776e462022-02-14 10:57:15.681root 11241100x80000000000000002051291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:15.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03a048e1e53b064d2022-02-14 10:57:15.681root 11241100x80000000000000002051292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:15.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dee62edf8488fb92022-02-14 10:57:15.681root 11241100x80000000000000002051293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:15.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5ea2045fb886cce2022-02-14 10:57:15.681root 11241100x80000000000000002051294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:15.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ec20034e5c34f872022-02-14 10:57:15.681root 11241100x80000000000000002051295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:15.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae9a682057671edb2022-02-14 10:57:15.682root 11241100x80000000000000002051296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:15.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f26d08a3a4257132022-02-14 10:57:15.682root 11241100x80000000000000002051297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:15.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae360699edc3de432022-02-14 10:57:15.682root 11241100x80000000000000002051298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:15.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.647c47898ee882462022-02-14 10:57:15.682root 11241100x80000000000000002051299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:15.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7226ccd3fc8ca4f02022-02-14 10:57:15.682root 11241100x80000000000000002051300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:15.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a4b105f51e06cb12022-02-14 10:57:15.683root 11241100x80000000000000002051301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:15.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.673baedc214a6b672022-02-14 10:57:15.683root 11241100x80000000000000002051302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:15.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35abc2789243a61a2022-02-14 10:57:15.683root 11241100x80000000000000002051303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:15.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bcc92f36504ee092022-02-14 10:57:15.683root 11241100x80000000000000002051304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:16.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9010ad45ce9d83c2022-02-14 10:57:16.180root 11241100x80000000000000002051305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:16.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a235709651c5ff542022-02-14 10:57:16.180root 11241100x80000000000000002051306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:16.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c78d160837edee2d2022-02-14 10:57:16.180root 11241100x80000000000000002051307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:16.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38b0e18125e33c972022-02-14 10:57:16.181root 11241100x80000000000000002051308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:16.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0236ba431fca45c2022-02-14 10:57:16.181root 11241100x80000000000000002051309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:16.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec26a29c926c23252022-02-14 10:57:16.181root 11241100x80000000000000002051310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:16.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08e0ad29ced0f37e2022-02-14 10:57:16.181root 11241100x80000000000000002051311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:16.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5dd5a1321d5e5142022-02-14 10:57:16.181root 11241100x80000000000000002051312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:16.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.839faf2a2028a3aa2022-02-14 10:57:16.181root 11241100x80000000000000002051313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:16.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.980dac5e2dba6d462022-02-14 10:57:16.181root 11241100x80000000000000002051314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:16.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0959ac717b0211b52022-02-14 10:57:16.181root 11241100x80000000000000002051315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:16.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.384bbecbe65d24012022-02-14 10:57:16.181root 11241100x80000000000000002051316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:16.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a355e787028127a72022-02-14 10:57:16.182root 11241100x80000000000000002051317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:16.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a11e075e7f6c9492022-02-14 10:57:16.182root 11241100x80000000000000002051318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:16.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e71d46062399ac272022-02-14 10:57:16.182root 11241100x80000000000000002051319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:16.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aab4fa653d343102022-02-14 10:57:16.182root 11241100x80000000000000002051320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:16.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be8d47ac6746e5012022-02-14 10:57:16.680root 11241100x80000000000000002051321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:16.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab09f412cb3e3d0c2022-02-14 10:57:16.680root 11241100x80000000000000002051322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:16.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7ecab7b5fe71cd62022-02-14 10:57:16.680root 11241100x80000000000000002051323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:16.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df0114d9e3da60a02022-02-14 10:57:16.680root 11241100x80000000000000002051324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:16.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98d121a34d484f962022-02-14 10:57:16.681root 11241100x80000000000000002051325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:16.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91f8419b79e162de2022-02-14 10:57:16.681root 11241100x80000000000000002051326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:16.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31b4ad1fc82b6b812022-02-14 10:57:16.681root 11241100x80000000000000002051327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:16.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e9c45c9d0f60a0f2022-02-14 10:57:16.681root 11241100x80000000000000002051328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:16.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72341fae64ca461e2022-02-14 10:57:16.682root 11241100x80000000000000002051329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:16.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e74abc59b0487ef72022-02-14 10:57:16.682root 11241100x80000000000000002051330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:16.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f441861342174ad2022-02-14 10:57:16.682root 11241100x80000000000000002051331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:16.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd961efebe3cd4002022-02-14 10:57:16.682root 11241100x80000000000000002051332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:16.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e72565e63beaff32022-02-14 10:57:16.683root 11241100x80000000000000002051333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:16.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47131018c42e0c702022-02-14 10:57:16.683root 11241100x80000000000000002051334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:16.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6750058883b9ede2022-02-14 10:57:16.683root 11241100x80000000000000002051335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:16.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50d3746a5e9999702022-02-14 10:57:16.683root 354300x80000000000000002051336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:17.143{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54702-false10.0.1.12-8000- 11241100x80000000000000002051337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:17.144{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29a881468b747c712022-02-14 10:57:17.144root 11241100x80000000000000002051338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:17.144{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee9644bb1d696be12022-02-14 10:57:17.144root 11241100x80000000000000002051339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:17.145{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.620da24dc7e87d512022-02-14 10:57:17.145root 11241100x80000000000000002051340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:17.145{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d61528b5dae2876e2022-02-14 10:57:17.145root 11241100x80000000000000002051341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:17.146{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8d781fc90b7d9f02022-02-14 10:57:17.146root 11241100x80000000000000002051342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:17.146{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a90242faf052ea9c2022-02-14 10:57:17.146root 11241100x80000000000000002051343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:17.146{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.298e96a1f670676e2022-02-14 10:57:17.146root 11241100x80000000000000002051344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:17.146{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93f4f3091a0e6c4b2022-02-14 10:57:17.146root 11241100x80000000000000002051345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:17.148{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f05f580fc78de60a2022-02-14 10:57:17.148root 11241100x80000000000000002051346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:17.148{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c387e79ff529dce2022-02-14 10:57:17.148root 11241100x80000000000000002051347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:17.148{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fd21166cb054a5d2022-02-14 10:57:17.148root 11241100x80000000000000002051348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:17.148{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b371c6f0aab4fe022022-02-14 10:57:17.148root 11241100x80000000000000002051349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:17.149{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.398badcf3d8c05a42022-02-14 10:57:17.149root 11241100x80000000000000002051350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:17.149{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b98af51211f00b02022-02-14 10:57:17.149root 11241100x80000000000000002051351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:17.149{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.586391e3338a01c32022-02-14 10:57:17.149root 11241100x80000000000000002051352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:17.149{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d5bfcbf53f9c8bb2022-02-14 10:57:17.149root 11241100x80000000000000002051353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:17.150{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99c297ba3d4733062022-02-14 10:57:17.150root 11241100x80000000000000002051354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:17.150{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0f7f6ed5515fde12022-02-14 10:57:17.150root 11241100x80000000000000002051355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:17.151{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c81297352fe94c212022-02-14 10:57:17.151root 11241100x80000000000000002051356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:17.429{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ff222f245ef1f862022-02-14 10:57:17.429root 11241100x80000000000000002051357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:17.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deb593e61e0b85d92022-02-14 10:57:17.430root 11241100x80000000000000002051358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:17.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf9555b59c2787f42022-02-14 10:57:17.430root 11241100x80000000000000002051359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:17.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0edd94fddf55d5e2022-02-14 10:57:17.430root 11241100x80000000000000002051360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:17.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ae7d8b17875f1392022-02-14 10:57:17.430root 11241100x80000000000000002051361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:17.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc5a5646b6ec4e782022-02-14 10:57:17.430root 11241100x80000000000000002051362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:17.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c7493662c4f28032022-02-14 10:57:17.431root 11241100x80000000000000002051363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:17.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f97f99de5016967e2022-02-14 10:57:17.431root 11241100x80000000000000002051364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:17.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6c52a5cdb6528af2022-02-14 10:57:17.431root 11241100x80000000000000002051365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:17.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53f160bb520ea8592022-02-14 10:57:17.431root 11241100x80000000000000002051366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:17.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed32649f72dc3ab12022-02-14 10:57:17.432root 11241100x80000000000000002051367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:17.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0013d5b33c4ee97a2022-02-14 10:57:17.432root 11241100x80000000000000002051368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:17.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b7b6bfd0d28a75f2022-02-14 10:57:17.432root 11241100x80000000000000002051369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:17.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41a4dc43062a05102022-02-14 10:57:17.432root 11241100x80000000000000002051370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:17.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca192bfdd87e54a42022-02-14 10:57:17.432root 11241100x80000000000000002051371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:17.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8163b9bd636c63cc2022-02-14 10:57:17.432root 11241100x80000000000000002051372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:17.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.548f335166f027f22022-02-14 10:57:17.432root 11241100x80000000000000002051373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:17.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6815a98c6c40e9d2022-02-14 10:57:17.432root 11241100x80000000000000002051374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:17.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26a9ff624250cd8c2022-02-14 10:57:17.433root 11241100x80000000000000002051375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:17.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3667661db7ea0e7f2022-02-14 10:57:17.931root 11241100x80000000000000002051376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:17.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5a89d953c840f492022-02-14 10:57:17.932root 11241100x80000000000000002051377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:17.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13825b0e30e141822022-02-14 10:57:17.932root 11241100x80000000000000002051378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:17.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f1aaafc6c25dcfd2022-02-14 10:57:17.932root 11241100x80000000000000002051379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:17.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fcbba093b600a1b2022-02-14 10:57:17.932root 11241100x80000000000000002051380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:17.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da37f3c45cfe69442022-02-14 10:57:17.932root 11241100x80000000000000002051381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:17.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.879aad00537311522022-02-14 10:57:17.933root 11241100x80000000000000002051382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:17.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5159267214e8ce652022-02-14 10:57:17.933root 11241100x80000000000000002051383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:17.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75053cb1019449042022-02-14 10:57:17.933root 11241100x80000000000000002051384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:17.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a955976bec73190f2022-02-14 10:57:17.933root 11241100x80000000000000002051385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:17.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f3f6a7b4e12014c2022-02-14 10:57:17.933root 11241100x80000000000000002051386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:17.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cb3b03ea05c55182022-02-14 10:57:17.933root 11241100x80000000000000002051387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:17.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5adb9aad41a364d72022-02-14 10:57:17.933root 11241100x80000000000000002051388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:17.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.220449034c1b83482022-02-14 10:57:17.933root 11241100x80000000000000002051389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:17.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e52594ded34e0c822022-02-14 10:57:17.933root 11241100x80000000000000002051390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:17.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33d5c37de8e2d7ff2022-02-14 10:57:17.934root 11241100x80000000000000002051391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:17.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54dd51f025d40c882022-02-14 10:57:17.934root 11241100x80000000000000002051392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:18.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dac8334b470e0f042022-02-14 10:57:18.430root 11241100x80000000000000002051393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:18.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c92ba813a7180a92022-02-14 10:57:18.430root 11241100x80000000000000002051394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:18.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b68ac1d5e3dd90652022-02-14 10:57:18.430root 11241100x80000000000000002051395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:18.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77e6aaa1971119e42022-02-14 10:57:18.431root 11241100x80000000000000002051396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:18.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffdca12f97ce4dda2022-02-14 10:57:18.431root 11241100x80000000000000002051397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:18.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83332d7d6f48c9322022-02-14 10:57:18.431root 11241100x80000000000000002051398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:18.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e6f4d675197138b2022-02-14 10:57:18.431root 11241100x80000000000000002051399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:18.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e49d810b44af4b002022-02-14 10:57:18.431root 11241100x80000000000000002051400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:18.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71ec9cf042520c3f2022-02-14 10:57:18.431root 11241100x80000000000000002051401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:18.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86c80ec8f88859022022-02-14 10:57:18.431root 11241100x80000000000000002051402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:18.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b4b17eff4911e572022-02-14 10:57:18.431root 11241100x80000000000000002051403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:18.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c66f389ff74132c92022-02-14 10:57:18.431root 11241100x80000000000000002051404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:18.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56f0dfa3b3da05562022-02-14 10:57:18.432root 11241100x80000000000000002051405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:18.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d43c37a77f8a9d702022-02-14 10:57:18.432root 11241100x80000000000000002051406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:18.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcbc11829ba0d0302022-02-14 10:57:18.432root 11241100x80000000000000002051407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:18.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98c8c5a39c99cafc2022-02-14 10:57:18.432root 11241100x80000000000000002051408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:18.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f57ad72d1b3c28222022-02-14 10:57:18.432root 11241100x80000000000000002051409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:18.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d75efee270429f22022-02-14 10:57:18.930root 11241100x80000000000000002051410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:18.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4547a0a3832829e82022-02-14 10:57:18.930root 11241100x80000000000000002051411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:18.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85ee868bc18f8bc42022-02-14 10:57:18.930root 11241100x80000000000000002051412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:18.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c86022b56cbc95ec2022-02-14 10:57:18.931root 11241100x80000000000000002051413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:18.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a4b8d935dbf263c2022-02-14 10:57:18.931root 11241100x80000000000000002051414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:18.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53720f15ed1f20f72022-02-14 10:57:18.931root 11241100x80000000000000002051415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:18.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e5d0e9c03bc9e9c2022-02-14 10:57:18.931root 11241100x80000000000000002051416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:18.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae1430c37a0ab0c82022-02-14 10:57:18.931root 11241100x80000000000000002051417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:18.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5ea6d72c0a006ff2022-02-14 10:57:18.931root 11241100x80000000000000002051418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:18.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.321ad47147217d152022-02-14 10:57:18.931root 11241100x80000000000000002051419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:18.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f024ab89ec0c7872022-02-14 10:57:18.931root 11241100x80000000000000002051420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:18.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49142e574dc5e01e2022-02-14 10:57:18.932root 11241100x80000000000000002051421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:18.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7886c33e172cb47a2022-02-14 10:57:18.932root 11241100x80000000000000002051422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:18.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a92863ea844a68b2022-02-14 10:57:18.932root 11241100x80000000000000002051423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:18.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a78f4d521654503c2022-02-14 10:57:18.932root 11241100x80000000000000002051424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:18.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb2b2b0d020e38d62022-02-14 10:57:18.932root 11241100x80000000000000002051425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:18.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa425bdfeec8fe9a2022-02-14 10:57:18.932root 11241100x80000000000000002051426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:19.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d78e2d69f8bf30a32022-02-14 10:57:19.430root 11241100x80000000000000002051427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:19.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c44e839ee5b6244a2022-02-14 10:57:19.430root 11241100x80000000000000002051428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:19.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffc7d94402830a952022-02-14 10:57:19.430root 11241100x80000000000000002051429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:19.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.522ccdecb77651142022-02-14 10:57:19.431root 11241100x80000000000000002051430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:19.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fbdee33ff7f3d852022-02-14 10:57:19.431root 11241100x80000000000000002051431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:19.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d90b3201c397b352022-02-14 10:57:19.431root 11241100x80000000000000002051432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:19.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88f0192ddec02f732022-02-14 10:57:19.431root 11241100x80000000000000002051433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:19.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41db059315e67bab2022-02-14 10:57:19.431root 11241100x80000000000000002051434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:19.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62530c44bbf888b52022-02-14 10:57:19.431root 11241100x80000000000000002051435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:19.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2476d2f982527f832022-02-14 10:57:19.432root 11241100x80000000000000002051436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:19.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16a5aeff635683b92022-02-14 10:57:19.432root 11241100x80000000000000002051437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:19.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.550900af08c4f6ab2022-02-14 10:57:19.432root 11241100x80000000000000002051438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:19.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f01397a1a41da352022-02-14 10:57:19.433root 11241100x80000000000000002051439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:19.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53ee58be5baa28902022-02-14 10:57:19.433root 11241100x80000000000000002051440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:19.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b291f5d8ca8333e2022-02-14 10:57:19.434root 11241100x80000000000000002051441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:19.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e732f592d405c8d2022-02-14 10:57:19.434root 11241100x80000000000000002051442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:19.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.293fbeece5f58fbd2022-02-14 10:57:19.434root 11241100x80000000000000002051443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:19.929{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9abb1259cd61651c2022-02-14 10:57:19.929root 11241100x80000000000000002051444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:19.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc87b90a0f1c5fd12022-02-14 10:57:19.930root 11241100x80000000000000002051445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:19.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bf7f14e92c97e6e2022-02-14 10:57:19.930root 11241100x80000000000000002051446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:19.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ac5ab45bc99c16f2022-02-14 10:57:19.930root 11241100x80000000000000002051447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:19.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb184512066846b42022-02-14 10:57:19.931root 11241100x80000000000000002051448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:19.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc8f1cf9c8e140a82022-02-14 10:57:19.931root 11241100x80000000000000002051449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:19.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52f8e0c6e7c4d9b22022-02-14 10:57:19.931root 11241100x80000000000000002051450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:19.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2dd80af1d87c6912022-02-14 10:57:19.932root 11241100x80000000000000002051451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:19.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c55e99b1681189902022-02-14 10:57:19.932root 11241100x80000000000000002051452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:19.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee772ae55142329e2022-02-14 10:57:19.932root 11241100x80000000000000002051453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:19.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.102ae73a394058a52022-02-14 10:57:19.932root 11241100x80000000000000002051454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:19.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e477be6462bca2f72022-02-14 10:57:19.934root 11241100x80000000000000002051455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:19.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f09be32c2b56979d2022-02-14 10:57:19.934root 11241100x80000000000000002051456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:19.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eefbce174f80b95c2022-02-14 10:57:19.934root 11241100x80000000000000002051457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:19.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbb2fd8c0697642d2022-02-14 10:57:19.934root 11241100x80000000000000002051458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:19.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec8af862f1ad539f2022-02-14 10:57:19.934root 11241100x80000000000000002051459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:19.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e57a9c69c84f16e2022-02-14 10:57:19.934root 11241100x80000000000000002051460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:19.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b973408872e24f612022-02-14 10:57:19.935root 11241100x80000000000000002051461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:19.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7177a85e953745152022-02-14 10:57:19.935root 11241100x80000000000000002051462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:20.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c09d85bc9c1049c2022-02-14 10:57:20.430root 11241100x80000000000000002051463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:20.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb56ce56e739f4e02022-02-14 10:57:20.430root 11241100x80000000000000002051464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:20.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c706dbadcc04e67b2022-02-14 10:57:20.430root 11241100x80000000000000002051465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:20.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de3aa052964ddde12022-02-14 10:57:20.430root 11241100x80000000000000002051466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:20.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4f761ae31790bde2022-02-14 10:57:20.430root 11241100x80000000000000002051467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:20.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e21599e074ee7fd12022-02-14 10:57:20.430root 11241100x80000000000000002051468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:20.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d6411cbb7b826152022-02-14 10:57:20.430root 11241100x80000000000000002051469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:20.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e750c8a4fa34f1e02022-02-14 10:57:20.431root 11241100x80000000000000002051470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:20.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af4fe80b7bd00b882022-02-14 10:57:20.431root 11241100x80000000000000002051471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:20.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe6766e5c7b6bbd72022-02-14 10:57:20.431root 11241100x80000000000000002051472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:20.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9c487cfea85d4e92022-02-14 10:57:20.431root 11241100x80000000000000002051473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:20.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae9fc8f8671daab22022-02-14 10:57:20.431root 11241100x80000000000000002051474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:20.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ac7e1d16c156b152022-02-14 10:57:20.432root 11241100x80000000000000002051475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:20.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd7d10c4fbee7b6c2022-02-14 10:57:20.432root 11241100x80000000000000002051476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:20.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.153687389a8bc7a02022-02-14 10:57:20.432root 11241100x80000000000000002051477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:20.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ccc29aaec3941182022-02-14 10:57:20.432root 11241100x80000000000000002051478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:20.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1c503f53868d1432022-02-14 10:57:20.432root 11241100x80000000000000002051479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:20.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56fd351c3e4beaff2022-02-14 10:57:20.432root 11241100x80000000000000002051480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:20.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c754404352d60362022-02-14 10:57:20.930root 11241100x80000000000000002051481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:20.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6bde569c8b06b042022-02-14 10:57:20.930root 11241100x80000000000000002051482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:20.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a32955ab8f838f292022-02-14 10:57:20.930root 11241100x80000000000000002051483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:20.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7dc1d43f7e9ddff2022-02-14 10:57:20.930root 11241100x80000000000000002051484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:20.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aaadf304fe4244b2022-02-14 10:57:20.930root 11241100x80000000000000002051485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:20.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fffb853419064b6e2022-02-14 10:57:20.931root 11241100x80000000000000002051486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:20.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08461ff4b081e1652022-02-14 10:57:20.931root 11241100x80000000000000002051487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:20.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.866d92d5d5ec6b802022-02-14 10:57:20.931root 11241100x80000000000000002051488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:20.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7eeb3630bf4591e2022-02-14 10:57:20.932root 11241100x80000000000000002051489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:20.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce4ced4994ad13a02022-02-14 10:57:20.932root 11241100x80000000000000002051490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:20.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37d61ed0c17240452022-02-14 10:57:20.932root 11241100x80000000000000002051491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:20.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82fa7e9292242c142022-02-14 10:57:20.932root 11241100x80000000000000002051492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:20.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecb4119ec70d40432022-02-14 10:57:20.932root 11241100x80000000000000002051493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:20.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffb1fbac7e04a96a2022-02-14 10:57:20.932root 11241100x80000000000000002051494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:20.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a0b5d22610079b62022-02-14 10:57:20.932root 11241100x80000000000000002051495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:20.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d871c2bd9263af32022-02-14 10:57:20.933root 11241100x80000000000000002051496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:20.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c501e602581785a02022-02-14 10:57:20.933root 11241100x80000000000000002051497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:21.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c42a3cc16824f53d2022-02-14 10:57:21.430root 11241100x80000000000000002051498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:21.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31a67e62af54df1a2022-02-14 10:57:21.432root 11241100x80000000000000002051499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:21.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2d4ef3e9c38efc62022-02-14 10:57:21.432root 11241100x80000000000000002051500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:21.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1884f2cc06eb695d2022-02-14 10:57:21.432root 11241100x80000000000000002051501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:21.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0887a05f09580bd2022-02-14 10:57:21.432root 11241100x80000000000000002051502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:21.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db06965afe0f53e72022-02-14 10:57:21.432root 11241100x80000000000000002051503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:21.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4b063b718a614342022-02-14 10:57:21.432root 11241100x80000000000000002051504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:21.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3ce4af83e27b89c2022-02-14 10:57:21.432root 11241100x80000000000000002051505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:21.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.441fe7003604e42f2022-02-14 10:57:21.432root 11241100x80000000000000002051506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:21.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f06dae07b912c6ba2022-02-14 10:57:21.432root 11241100x80000000000000002051507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:21.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d378fa7761c14062022-02-14 10:57:21.432root 11241100x80000000000000002051508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:21.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d3fd13c4ba8fbe32022-02-14 10:57:21.432root 11241100x80000000000000002051509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:21.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e864f3e6ea6062162022-02-14 10:57:21.432root 11241100x80000000000000002051510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:21.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.381c74bb410261512022-02-14 10:57:21.433root 11241100x80000000000000002051511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:21.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33f65aafa3eb7b372022-02-14 10:57:21.433root 11241100x80000000000000002051512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:21.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58da5e26169d53ac2022-02-14 10:57:21.433root 11241100x80000000000000002051513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:21.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec700519cdbe758e2022-02-14 10:57:21.433root 11241100x80000000000000002051514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:21.929{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc80ade1824529762022-02-14 10:57:21.929root 11241100x80000000000000002051515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:21.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46589b13774f48242022-02-14 10:57:21.930root 11241100x80000000000000002051516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:21.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.955d0d496f6b74ea2022-02-14 10:57:21.930root 11241100x80000000000000002051517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:21.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f523e11d1e20af2c2022-02-14 10:57:21.930root 11241100x80000000000000002051518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:21.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aadf7f136fed1a62022-02-14 10:57:21.930root 11241100x80000000000000002051519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:21.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed27bb447e14e3d52022-02-14 10:57:21.930root 11241100x80000000000000002051520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:21.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9416592fab2c495c2022-02-14 10:57:21.931root 11241100x80000000000000002051521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:21.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc83f2788cfada002022-02-14 10:57:21.931root 11241100x80000000000000002051522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:21.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37db89b57becd54c2022-02-14 10:57:21.931root 11241100x80000000000000002051523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:21.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b01f0cdf4634b41b2022-02-14 10:57:21.931root 11241100x80000000000000002051524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:21.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce60b68c1d82f54c2022-02-14 10:57:21.931root 11241100x80000000000000002051525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:21.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4941b8d8ff3b4aa52022-02-14 10:57:21.931root 11241100x80000000000000002051526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:21.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7be858f0b05d4da2022-02-14 10:57:21.931root 11241100x80000000000000002051527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:21.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9dbb84b294df49b2022-02-14 10:57:21.932root 11241100x80000000000000002051528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:21.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fadbfc4d1090b092022-02-14 10:57:21.932root 11241100x80000000000000002051529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:21.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f984c63cbcdd0252022-02-14 10:57:21.932root 11241100x80000000000000002051530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:21.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.182984ef7e1c6dec2022-02-14 10:57:21.932root 11241100x80000000000000002051531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:21.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d25a3c015b9e346e2022-02-14 10:57:21.932root 11241100x80000000000000002051532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:21.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78e6531ffb1f31d02022-02-14 10:57:21.932root 11241100x80000000000000002051533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:22.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23bfc3af0fc778f02022-02-14 10:57:22.430root 11241100x80000000000000002051534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:22.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4dbac2ad1fbb90c2022-02-14 10:57:22.430root 11241100x80000000000000002051535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:22.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.736de89bd80aff3f2022-02-14 10:57:22.430root 11241100x80000000000000002051536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:22.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7992dcef7c37b672022-02-14 10:57:22.431root 11241100x80000000000000002051537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:22.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2bd4b1a5c2462b12022-02-14 10:57:22.431root 11241100x80000000000000002051538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:22.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58ac417d3114e8452022-02-14 10:57:22.431root 11241100x80000000000000002051539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:22.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66c1315abc322d5a2022-02-14 10:57:22.431root 11241100x80000000000000002051540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:22.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a56a7176a69e9cbb2022-02-14 10:57:22.431root 11241100x80000000000000002051541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:22.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55c107b4ddc283952022-02-14 10:57:22.431root 11241100x80000000000000002051542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:22.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36742b6b09f9cdf52022-02-14 10:57:22.431root 11241100x80000000000000002051543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:22.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f65282a798cb4c472022-02-14 10:57:22.431root 11241100x80000000000000002051544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:22.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.064b744bc87613c32022-02-14 10:57:22.431root 11241100x80000000000000002051545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:22.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9edc2e42fe078632022-02-14 10:57:22.431root 11241100x80000000000000002051546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:22.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88b81e85c4a035522022-02-14 10:57:22.431root 11241100x80000000000000002051547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:22.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcfa050bc9e30d102022-02-14 10:57:22.431root 11241100x80000000000000002051548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:22.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1506fe41fcb38e9a2022-02-14 10:57:22.431root 11241100x80000000000000002051549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:22.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b3b444446f6354f2022-02-14 10:57:22.431root 11241100x80000000000000002051550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:22.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.153c0ebbac836e162022-02-14 10:57:22.930root 11241100x80000000000000002051551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:22.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfe3273d961620a42022-02-14 10:57:22.930root 11241100x80000000000000002051552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:22.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cf6c4bd6a5500212022-02-14 10:57:22.930root 11241100x80000000000000002051553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:22.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e787a09c1748418d2022-02-14 10:57:22.930root 11241100x80000000000000002051554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:22.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.521b4aad53a035262022-02-14 10:57:22.930root 11241100x80000000000000002051555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:22.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.732617cf5d24d38d2022-02-14 10:57:22.930root 11241100x80000000000000002051556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:22.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffc5727686578b6c2022-02-14 10:57:22.930root 11241100x80000000000000002051557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:22.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33f388c170deac262022-02-14 10:57:22.930root 11241100x80000000000000002051558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:22.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5951592b8cb0938b2022-02-14 10:57:22.930root 11241100x80000000000000002051559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:22.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f441a3ab5cdb1192022-02-14 10:57:22.931root 11241100x80000000000000002051560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:22.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcf908a4ff8cc1b62022-02-14 10:57:22.931root 11241100x80000000000000002051561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:22.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bbeb296ce2834ce2022-02-14 10:57:22.931root 11241100x80000000000000002051562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:22.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c58a1ac81b6d34b2022-02-14 10:57:22.931root 11241100x80000000000000002051563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:22.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29841243e82a05622022-02-14 10:57:22.931root 11241100x80000000000000002051564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:22.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2a28dd5cd1a11bd2022-02-14 10:57:22.931root 11241100x80000000000000002051565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:22.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90273421b7454e762022-02-14 10:57:22.931root 11241100x80000000000000002051566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:22.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58b21e50d3407d982022-02-14 10:57:22.931root 354300x80000000000000002051567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:23.137{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54704-false10.0.1.12-8000- 11241100x80000000000000002051568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:23.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaddc1846a7e83052022-02-14 10:57:23.430root 11241100x80000000000000002051569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:23.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb8f77961f86bfb42022-02-14 10:57:23.430root 11241100x80000000000000002051570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:23.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.528582014b112f5e2022-02-14 10:57:23.430root 11241100x80000000000000002051571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:23.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce32e3822d1034712022-02-14 10:57:23.431root 11241100x80000000000000002051572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:23.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38a38216a6c89e0b2022-02-14 10:57:23.431root 11241100x80000000000000002051573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:23.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d128fdaaf4d908c42022-02-14 10:57:23.431root 11241100x80000000000000002051574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:23.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf6ebe577c9c92202022-02-14 10:57:23.431root 11241100x80000000000000002051575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:23.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d11804fbe8b6e4212022-02-14 10:57:23.431root 11241100x80000000000000002051576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:23.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.006e9dee40e0a2b32022-02-14 10:57:23.431root 11241100x80000000000000002051577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:23.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15b4d16b025d4dd32022-02-14 10:57:23.431root 11241100x80000000000000002051578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:23.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcf3a49085385bea2022-02-14 10:57:23.431root 11241100x80000000000000002051579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:23.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d974c2dc3a65ce882022-02-14 10:57:23.431root 11241100x80000000000000002051580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:23.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9d97df8e45776d82022-02-14 10:57:23.431root 11241100x80000000000000002051581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:23.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49ecc03b85ba47632022-02-14 10:57:23.431root 11241100x80000000000000002051582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:23.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3c5ca7e9a95da7a2022-02-14 10:57:23.431root 11241100x80000000000000002051583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:23.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f97d42b61fefd0a82022-02-14 10:57:23.432root 11241100x80000000000000002051584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:23.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f194e1c21ab66a172022-02-14 10:57:23.432root 11241100x80000000000000002051585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:23.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d2d0b2bd17dfd682022-02-14 10:57:23.432root 11241100x80000000000000002051586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:23.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84817b157c6d7ca32022-02-14 10:57:23.931root 11241100x80000000000000002051587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:23.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f094879a7f2f2a652022-02-14 10:57:23.931root 11241100x80000000000000002051588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:23.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09116ee37f8829842022-02-14 10:57:23.931root 11241100x80000000000000002051589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:23.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.752d4c1848a5c9052022-02-14 10:57:23.932root 11241100x80000000000000002051590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:23.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77d1205b71d742ae2022-02-14 10:57:23.932root 11241100x80000000000000002051591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:23.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86ea3b831cb50ab22022-02-14 10:57:23.932root 11241100x80000000000000002051592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:23.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88839f81b5d424612022-02-14 10:57:23.932root 11241100x80000000000000002051593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:23.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0989a4d9b46739d62022-02-14 10:57:23.932root 11241100x80000000000000002051594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:23.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9baea15ed287ce832022-02-14 10:57:23.932root 11241100x80000000000000002051595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:23.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.410846ab4d3d463a2022-02-14 10:57:23.933root 11241100x80000000000000002051596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:23.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06487e5efee62b5c2022-02-14 10:57:23.933root 11241100x80000000000000002051597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:23.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8b47674677d60c02022-02-14 10:57:23.933root 11241100x80000000000000002051598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:23.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f73dab0688563e82022-02-14 10:57:23.933root 11241100x80000000000000002051599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:23.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ec021daa9af55d62022-02-14 10:57:23.933root 11241100x80000000000000002051600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:23.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2d05589dbb3275b2022-02-14 10:57:23.934root 11241100x80000000000000002051601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:23.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9753667fe86b9152022-02-14 10:57:23.934root 11241100x80000000000000002051602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:23.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d873aa6b3bbe2c052022-02-14 10:57:23.934root 11241100x80000000000000002051603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:23.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f2012c9a4aca6ac2022-02-14 10:57:23.935root 11241100x80000000000000002051604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:24.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d764741cf69c2d042022-02-14 10:57:24.430root 11241100x80000000000000002051605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:24.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cfdfd1d79af81af2022-02-14 10:57:24.430root 11241100x80000000000000002051606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:24.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e282bdb856ebce2d2022-02-14 10:57:24.430root 11241100x80000000000000002051607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:24.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7ed4f542158cc172022-02-14 10:57:24.431root 11241100x80000000000000002051608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:24.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb73daea218d247e2022-02-14 10:57:24.431root 11241100x80000000000000002051609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:24.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2290a4baf4f804c2022-02-14 10:57:24.431root 11241100x80000000000000002051610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:24.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0517784a36123b9c2022-02-14 10:57:24.431root 11241100x80000000000000002051611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:24.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f31a98fcc2037e462022-02-14 10:57:24.431root 11241100x80000000000000002051612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:24.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d121c45033534422022-02-14 10:57:24.431root 11241100x80000000000000002051613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:24.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be3df2d605893ba32022-02-14 10:57:24.436root 11241100x80000000000000002051614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:24.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9baeda5f585ce7202022-02-14 10:57:24.436root 11241100x80000000000000002051615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:24.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77bc1462c2fa165b2022-02-14 10:57:24.436root 11241100x80000000000000002051616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:24.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43bde3d21cdad3ef2022-02-14 10:57:24.436root 11241100x80000000000000002051617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:24.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.884f17e48ce7ddad2022-02-14 10:57:24.436root 11241100x80000000000000002051618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:24.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e876d693689df152022-02-14 10:57:24.436root 11241100x80000000000000002051619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:24.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10d9470a364a4d0b2022-02-14 10:57:24.437root 11241100x80000000000000002051620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:24.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.583860862e692b712022-02-14 10:57:24.437root 11241100x80000000000000002051621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:24.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35773ae9c1c4ad962022-02-14 10:57:24.437root 11241100x80000000000000002051622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:24.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.668bee1ff37d537a2022-02-14 10:57:24.931root 11241100x80000000000000002051623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:24.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72741609b57dd3482022-02-14 10:57:24.931root 11241100x80000000000000002051624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:24.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.318a366751c863022022-02-14 10:57:24.931root 11241100x80000000000000002051625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:24.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21e00b982fa3cd2b2022-02-14 10:57:24.932root 11241100x80000000000000002051626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:24.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5072f27856e09e8b2022-02-14 10:57:24.932root 11241100x80000000000000002051627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:24.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14975213f4aa11bb2022-02-14 10:57:24.932root 11241100x80000000000000002051628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:24.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8e075d2718b1e6d2022-02-14 10:57:24.932root 11241100x80000000000000002051629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:24.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c37cd05f2cf13eac2022-02-14 10:57:24.932root 11241100x80000000000000002051630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:24.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a388bd41b950dd0b2022-02-14 10:57:24.932root 11241100x80000000000000002051631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:24.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f549c8e220570b182022-02-14 10:57:24.932root 11241100x80000000000000002051632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:24.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22a5aa292f6fdf4d2022-02-14 10:57:24.932root 11241100x80000000000000002051633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:24.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b4d42dfef14332f2022-02-14 10:57:24.933root 11241100x80000000000000002051634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:24.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.617bca32a8a161f92022-02-14 10:57:24.933root 11241100x80000000000000002051635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:24.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.471f7fd1971ed86b2022-02-14 10:57:24.933root 11241100x80000000000000002051636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:24.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b846ea299ef9eec2022-02-14 10:57:24.933root 11241100x80000000000000002051637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:24.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac580e64681bb2282022-02-14 10:57:24.933root 11241100x80000000000000002051638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:24.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76cc8562ba1b57a02022-02-14 10:57:24.934root 11241100x80000000000000002051639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:24.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5442aa53203a1d692022-02-14 10:57:24.934root 11241100x80000000000000002051640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:25.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dddd5293192708902022-02-14 10:57:25.430root 11241100x80000000000000002051641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:25.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ada91e4ebcc4f552022-02-14 10:57:25.430root 11241100x80000000000000002051642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:25.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8e52773276624662022-02-14 10:57:25.431root 11241100x80000000000000002051643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:25.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e20964ee9be517ba2022-02-14 10:57:25.431root 11241100x80000000000000002051644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:25.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24c89f916b742c7c2022-02-14 10:57:25.431root 11241100x80000000000000002051645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:25.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b4572ce1894cb9a2022-02-14 10:57:25.431root 11241100x80000000000000002051646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:25.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00f822323f9b44fd2022-02-14 10:57:25.431root 11241100x80000000000000002051647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:25.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35a0c448856bfad12022-02-14 10:57:25.431root 11241100x80000000000000002051648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:25.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.605a0b6c1a0167f52022-02-14 10:57:25.431root 11241100x80000000000000002051649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:25.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.715145225fc5b3752022-02-14 10:57:25.431root 11241100x80000000000000002051650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:25.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c84b391978d3c95d2022-02-14 10:57:25.431root 11241100x80000000000000002051651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:25.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94983d57a54e540d2022-02-14 10:57:25.432root 11241100x80000000000000002051652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:25.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e0a693e63181add2022-02-14 10:57:25.432root 11241100x80000000000000002051653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:25.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3c587b9a57041622022-02-14 10:57:25.432root 11241100x80000000000000002051654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:25.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e9a856935a52c6b2022-02-14 10:57:25.432root 11241100x80000000000000002051655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:25.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ebff6bd83e1484f2022-02-14 10:57:25.432root 11241100x80000000000000002051656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:25.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4af4477acf75af0c2022-02-14 10:57:25.432root 11241100x80000000000000002051657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:25.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.505dc8b8a6ba410f2022-02-14 10:57:25.432root 11241100x80000000000000002051658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:25.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3798d0f19787d6a2022-02-14 10:57:25.930root 11241100x80000000000000002051659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:25.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9d176c1b08f0d582022-02-14 10:57:25.931root 11241100x80000000000000002051660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:25.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ee2d6c65b8a658f2022-02-14 10:57:25.931root 11241100x80000000000000002051661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:25.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c939b30e442fa7562022-02-14 10:57:25.931root 11241100x80000000000000002051662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:25.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d5b5fd86734092b2022-02-14 10:57:25.931root 11241100x80000000000000002051663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:25.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03f18fa5ca90d1752022-02-14 10:57:25.931root 11241100x80000000000000002051664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:25.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.088430215666e93e2022-02-14 10:57:25.931root 11241100x80000000000000002051665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:25.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1138957e7ec019b92022-02-14 10:57:25.931root 11241100x80000000000000002051666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:25.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0125e3360c13f9412022-02-14 10:57:25.931root 11241100x80000000000000002051667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:25.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9e7878999822b762022-02-14 10:57:25.932root 11241100x80000000000000002051668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:25.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.380386904befcdd92022-02-14 10:57:25.932root 11241100x80000000000000002051669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:25.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eab77fd55e32fdb92022-02-14 10:57:25.932root 11241100x80000000000000002051670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:25.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d48a7bb789c4e3d2022-02-14 10:57:25.932root 11241100x80000000000000002051671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:25.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.444b9011c7726edf2022-02-14 10:57:25.932root 11241100x80000000000000002051672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:25.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd1c0b2bbdf94f412022-02-14 10:57:25.933root 11241100x80000000000000002051673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:25.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2df0fa53ad3cb0322022-02-14 10:57:25.933root 11241100x80000000000000002051674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:25.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb216f7a25cc31e12022-02-14 10:57:25.933root 11241100x80000000000000002051675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:25.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77dd3caf53bdb5f72022-02-14 10:57:25.934root 11241100x80000000000000002051676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:26.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c17950f6f4005a062022-02-14 10:57:26.430root 11241100x80000000000000002051677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:26.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95cba083294e163b2022-02-14 10:57:26.431root 11241100x80000000000000002051678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:26.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaf5321509bf72f22022-02-14 10:57:26.431root 11241100x80000000000000002051679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:26.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd0685f6ee6e47432022-02-14 10:57:26.431root 11241100x80000000000000002051680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:26.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.864b765dd14499192022-02-14 10:57:26.431root 11241100x80000000000000002051681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:26.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72a16eec2890310a2022-02-14 10:57:26.431root 11241100x80000000000000002051682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:26.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b411d11b01340ed2022-02-14 10:57:26.431root 11241100x80000000000000002051683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:26.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b99f040df30c4d52022-02-14 10:57:26.431root 11241100x80000000000000002051684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:26.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab0cf4e1f89f7b212022-02-14 10:57:26.432root 11241100x80000000000000002051685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:26.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3cfc80b75f00eb32022-02-14 10:57:26.432root 11241100x80000000000000002051686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:26.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.411fa84f50131f752022-02-14 10:57:26.432root 11241100x80000000000000002051687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:26.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f76e1d1b07fe6bf2022-02-14 10:57:26.432root 11241100x80000000000000002051688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:26.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e27213faf0a0d3582022-02-14 10:57:26.432root 11241100x80000000000000002051689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:26.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.052e84dddb2880f22022-02-14 10:57:26.432root 11241100x80000000000000002051690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:26.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c04096be68c04df02022-02-14 10:57:26.432root 11241100x80000000000000002051691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:26.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cbc6351d522958e2022-02-14 10:57:26.432root 11241100x80000000000000002051692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:26.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7da44723f9508d502022-02-14 10:57:26.432root 11241100x80000000000000002051693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:26.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da2f4f64c34aad082022-02-14 10:57:26.433root 11241100x80000000000000002051694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:26.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d4559a2e8fe38f52022-02-14 10:57:26.930root 11241100x80000000000000002051695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:26.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de17719da4c667732022-02-14 10:57:26.930root 11241100x80000000000000002051696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:26.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ce77b994708830a2022-02-14 10:57:26.930root 11241100x80000000000000002051697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:26.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dcb56fec5462a312022-02-14 10:57:26.931root 11241100x80000000000000002051698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:26.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.873da6d9cc4448772022-02-14 10:57:26.931root 11241100x80000000000000002051699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:26.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35a00f752e15a1d42022-02-14 10:57:26.931root 11241100x80000000000000002051700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:26.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd583e39d6bca7ae2022-02-14 10:57:26.931root 11241100x80000000000000002051701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:26.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c4addec4960f37b2022-02-14 10:57:26.931root 11241100x80000000000000002051702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:26.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca1dff99debdfcea2022-02-14 10:57:26.931root 11241100x80000000000000002051703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:26.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93d48e7845cd77732022-02-14 10:57:26.931root 11241100x80000000000000002051704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:26.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44f96d90e4f1a08e2022-02-14 10:57:26.931root 11241100x80000000000000002051705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:26.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbcd1d3aa75091812022-02-14 10:57:26.931root 11241100x80000000000000002051706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:26.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.490dd614be3084ea2022-02-14 10:57:26.931root 11241100x80000000000000002051707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:26.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08b09c488a52aa5c2022-02-14 10:57:26.932root 11241100x80000000000000002051708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:26.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2398f0d460de34102022-02-14 10:57:26.932root 11241100x80000000000000002051709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:26.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b468efaa7ef5d882022-02-14 10:57:26.932root 11241100x80000000000000002051710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:26.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4753296e5c3c2a412022-02-14 10:57:26.932root 11241100x80000000000000002051711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:26.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf13a2935d6e8eeb2022-02-14 10:57:26.932root 11241100x80000000000000002051712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:27.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a2df5662dfe80d22022-02-14 10:57:27.430root 11241100x80000000000000002051713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:27.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.036ca9b050f889d22022-02-14 10:57:27.430root 11241100x80000000000000002051714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:27.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.004d75e5ae8594842022-02-14 10:57:27.430root 11241100x80000000000000002051715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:27.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a855ccafcde12492022-02-14 10:57:27.430root 11241100x80000000000000002051716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:27.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83ee05dbc183ad682022-02-14 10:57:27.431root 11241100x80000000000000002051717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:27.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60745288da8e6de92022-02-14 10:57:27.431root 11241100x80000000000000002051718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:27.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38ea59626f8d9e192022-02-14 10:57:27.431root 11241100x80000000000000002051719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:27.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df5331ce5d3d684e2022-02-14 10:57:27.431root 11241100x80000000000000002051720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:27.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad026724d1c2f3172022-02-14 10:57:27.431root 11241100x80000000000000002051721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:27.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f8ab66d13eacee02022-02-14 10:57:27.431root 11241100x80000000000000002051722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:27.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c48bc9b8db0ff5492022-02-14 10:57:27.431root 11241100x80000000000000002051723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:27.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdce9ab75b68a0d72022-02-14 10:57:27.431root 11241100x80000000000000002051724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:27.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbaafbb6d13538f02022-02-14 10:57:27.431root 11241100x80000000000000002051725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:27.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60f0f24641e20a642022-02-14 10:57:27.431root 11241100x80000000000000002051726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:27.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e26d4ada2ed384ec2022-02-14 10:57:27.431root 11241100x80000000000000002051727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:27.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfb6fbc311be47da2022-02-14 10:57:27.431root 11241100x80000000000000002051728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:27.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32e527817e3fdcb32022-02-14 10:57:27.431root 11241100x80000000000000002051729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:27.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a74a665f3337ca42022-02-14 10:57:27.432root 11241100x80000000000000002051730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:27.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26e5a2d3de3aaf0a2022-02-14 10:57:27.930root 11241100x80000000000000002051731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:27.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.281b0fa76689f4442022-02-14 10:57:27.930root 11241100x80000000000000002051732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:27.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83496c980c97b5f12022-02-14 10:57:27.930root 11241100x80000000000000002051733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:27.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31945e38cd884cb02022-02-14 10:57:27.930root 11241100x80000000000000002051734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:27.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49068cd0c631079e2022-02-14 10:57:27.931root 11241100x80000000000000002051735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:27.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4d3551b6eb992b22022-02-14 10:57:27.931root 11241100x80000000000000002051736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:27.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8837a3829630e95b2022-02-14 10:57:27.931root 11241100x80000000000000002051737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:27.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e577ab79f7bc540c2022-02-14 10:57:27.931root 11241100x80000000000000002051738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:27.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.912ca20a1bcee26e2022-02-14 10:57:27.931root 11241100x80000000000000002051739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:27.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9167dcfc32e3e4472022-02-14 10:57:27.931root 11241100x80000000000000002051740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:27.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acbe2e28c091cca02022-02-14 10:57:27.931root 11241100x80000000000000002051741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:27.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7fbb09b06bb876e2022-02-14 10:57:27.931root 11241100x80000000000000002051742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:27.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4e645fb3ecde9b12022-02-14 10:57:27.931root 11241100x80000000000000002051743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:27.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15de497602f456692022-02-14 10:57:27.931root 11241100x80000000000000002051744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:27.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a093a09fc72c52b82022-02-14 10:57:27.931root 11241100x80000000000000002051745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:27.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ee3eb70b7e811d52022-02-14 10:57:27.931root 11241100x80000000000000002051746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:27.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdd4edfd567074472022-02-14 10:57:27.931root 11241100x80000000000000002051747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:27.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12ac40e0da5edee02022-02-14 10:57:27.931root 354300x80000000000000002051748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:28.161{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54706-false10.0.1.12-8000- 11241100x80000000000000002051749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:28.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4a94b502cfd41e02022-02-14 10:57:28.430root 11241100x80000000000000002051750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:28.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74c7531bad492c792022-02-14 10:57:28.430root 11241100x80000000000000002051751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:28.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aae3aa0e4ab96432022-02-14 10:57:28.431root 11241100x80000000000000002051752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:28.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe8a355e414447d32022-02-14 10:57:28.431root 11241100x80000000000000002051753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:28.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60d4a1d7b48222a62022-02-14 10:57:28.431root 11241100x80000000000000002051754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:28.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f843d9728cccecc2022-02-14 10:57:28.431root 11241100x80000000000000002051755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:28.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61cda605f6cc1e792022-02-14 10:57:28.431root 11241100x80000000000000002051756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:28.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1be7ef1abb2546ab2022-02-14 10:57:28.431root 11241100x80000000000000002051757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:28.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec84f7e21d63d16c2022-02-14 10:57:28.431root 11241100x80000000000000002051758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:28.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98c273464478aef62022-02-14 10:57:28.431root 11241100x80000000000000002051759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:28.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.832c0d6a7c7e89712022-02-14 10:57:28.432root 11241100x80000000000000002051760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:28.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fdd9092f29618872022-02-14 10:57:28.432root 11241100x80000000000000002051761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:28.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71c2779ed1c4f67e2022-02-14 10:57:28.432root 11241100x80000000000000002051762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:28.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c46304ac5bb977c52022-02-14 10:57:28.432root 11241100x80000000000000002051763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:28.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05a5e2889b51b71d2022-02-14 10:57:28.432root 11241100x80000000000000002051764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:28.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a59980c9a4fe4e72022-02-14 10:57:28.432root 11241100x80000000000000002051765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:28.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03bc9374cc08e03a2022-02-14 10:57:28.432root 11241100x80000000000000002051766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:28.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b80d20f1cbdb23db2022-02-14 10:57:28.432root 11241100x80000000000000002051767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:28.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2669ba1b846858452022-02-14 10:57:28.432root 11241100x80000000000000002051768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:28.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8e9e47e2596f3812022-02-14 10:57:28.930root 11241100x80000000000000002051769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:28.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0ce546dd9fb969c2022-02-14 10:57:28.931root 11241100x80000000000000002051770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:28.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f34a94206376223b2022-02-14 10:57:28.931root 11241100x80000000000000002051771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:28.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e95b6fcb05b3bd722022-02-14 10:57:28.931root 11241100x80000000000000002051772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:28.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.806f1133405ba1b42022-02-14 10:57:28.931root 11241100x80000000000000002051773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:28.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.917fcce668b3b1ec2022-02-14 10:57:28.931root 11241100x80000000000000002051774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:28.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46096b597abff0372022-02-14 10:57:28.931root 11241100x80000000000000002051775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:28.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c57b91e14acc42d22022-02-14 10:57:28.931root 11241100x80000000000000002051776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:28.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.647c98447638189f2022-02-14 10:57:28.931root 11241100x80000000000000002051777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:28.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fafd6947f196325a2022-02-14 10:57:28.931root 11241100x80000000000000002051778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:28.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e82eba448eb285d42022-02-14 10:57:28.931root 11241100x80000000000000002051779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:28.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fffe26d08edbde072022-02-14 10:57:28.932root 11241100x80000000000000002051780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:28.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0d8d6ecf4cb47ea2022-02-14 10:57:28.932root 11241100x80000000000000002051781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:28.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a38783d429155e9e2022-02-14 10:57:28.932root 11241100x80000000000000002051782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:28.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7eea78654e9c2262022-02-14 10:57:28.932root 11241100x80000000000000002051783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:28.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad76dfccf4f0fb012022-02-14 10:57:28.932root 11241100x80000000000000002051784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:28.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3931b1e3a919dab52022-02-14 10:57:28.932root 11241100x80000000000000002051785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:28.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d79d270030b19b852022-02-14 10:57:28.932root 11241100x80000000000000002051786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:28.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b70a0355e10725982022-02-14 10:57:28.932root 11241100x80000000000000002051787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:29.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a83cefd27b2c18162022-02-14 10:57:29.430root 11241100x80000000000000002051788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:29.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c80e23eebcef9552022-02-14 10:57:29.430root 11241100x80000000000000002051789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:29.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce247e0ff3212d342022-02-14 10:57:29.430root 11241100x80000000000000002051790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:29.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7893b0f9a48efb432022-02-14 10:57:29.431root 11241100x80000000000000002051791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:29.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48cd37ff6a2db06a2022-02-14 10:57:29.431root 11241100x80000000000000002051792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:29.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbb7680954b1e1592022-02-14 10:57:29.431root 11241100x80000000000000002051793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:29.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a03607cd4448ab92022-02-14 10:57:29.431root 11241100x80000000000000002051794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:29.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.136363ca4ba338b32022-02-14 10:57:29.431root 11241100x80000000000000002051795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:29.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25399e63e4daeca42022-02-14 10:57:29.431root 11241100x80000000000000002051796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:29.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a615c0c32609d7b2022-02-14 10:57:29.431root 11241100x80000000000000002051797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:29.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa2fcc0c9b4b14ca2022-02-14 10:57:29.431root 11241100x80000000000000002051798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:29.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a97073684b524cca2022-02-14 10:57:29.431root 11241100x80000000000000002051799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:29.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ab91d0eeee29ae02022-02-14 10:57:29.431root 11241100x80000000000000002051800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:29.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bff0a21e5127f7f2022-02-14 10:57:29.432root 11241100x80000000000000002051801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:29.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b003e2fb7ba9c4fb2022-02-14 10:57:29.432root 11241100x80000000000000002051802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:29.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aeefa1f36aa94062022-02-14 10:57:29.432root 11241100x80000000000000002051803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:29.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27f8fc32ae74ca5b2022-02-14 10:57:29.432root 11241100x80000000000000002051804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:29.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1219c84be8b97ae82022-02-14 10:57:29.432root 11241100x80000000000000002051805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:29.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bd427975453fb162022-02-14 10:57:29.432root 11241100x80000000000000002051806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:29.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1ce40e3394dcf702022-02-14 10:57:29.930root 11241100x80000000000000002051807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:29.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c5429f0fa9e7bf62022-02-14 10:57:29.931root 11241100x80000000000000002051808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:29.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09be6b6d90668ce82022-02-14 10:57:29.931root 11241100x80000000000000002051809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:29.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9772edc8fc8b3a672022-02-14 10:57:29.931root 11241100x80000000000000002051810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:29.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b860232ac4e42bd2022-02-14 10:57:29.931root 11241100x80000000000000002051811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:29.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6aee30fdea5867c2022-02-14 10:57:29.931root 11241100x80000000000000002051812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:29.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.495bc7ab2e8d3cf42022-02-14 10:57:29.931root 11241100x80000000000000002051813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:29.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4339abfba3444372022-02-14 10:57:29.932root 11241100x80000000000000002051814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:29.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8659a2d1ef27139d2022-02-14 10:57:29.932root 11241100x80000000000000002051815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:29.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f2eb48b98d380aa2022-02-14 10:57:29.932root 11241100x80000000000000002051816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:29.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b64539ff3b253ecc2022-02-14 10:57:29.932root 11241100x80000000000000002051817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:29.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59de6f9af36a1d442022-02-14 10:57:29.932root 11241100x80000000000000002051818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:29.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9857d57dda5f73812022-02-14 10:57:29.932root 11241100x80000000000000002051819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:29.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8676a1af18593bb72022-02-14 10:57:29.933root 11241100x80000000000000002051820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:29.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65aee2bb696934ff2022-02-14 10:57:29.933root 11241100x80000000000000002051821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:29.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9d8ed5afff6ac3b2022-02-14 10:57:29.934root 11241100x80000000000000002051822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:29.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e61d59d778e1f952022-02-14 10:57:29.934root 11241100x80000000000000002051823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:29.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.052c89320f46ffb02022-02-14 10:57:29.934root 11241100x80000000000000002051824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:29.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11e45c86118e79142022-02-14 10:57:29.934root 11241100x80000000000000002051825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:30.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e64ed64af649c54d2022-02-14 10:57:30.430root 11241100x80000000000000002051826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:30.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e307d2aa4f8c21f02022-02-14 10:57:30.430root 11241100x80000000000000002051827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:30.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66d9953c6ec3c7012022-02-14 10:57:30.431root 11241100x80000000000000002051828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:30.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9a30c7ef53ac5a42022-02-14 10:57:30.431root 11241100x80000000000000002051829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:30.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4ee4c42e26d99b42022-02-14 10:57:30.431root 11241100x80000000000000002051830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:30.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4d81dc64d034a5c2022-02-14 10:57:30.431root 11241100x80000000000000002051831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:30.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e7563756f3a7b8f2022-02-14 10:57:30.431root 11241100x80000000000000002051832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:30.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8979443c37c2abe32022-02-14 10:57:30.432root 11241100x80000000000000002051833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:30.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d309634f00ecdad2022-02-14 10:57:30.432root 11241100x80000000000000002051834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:30.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc7dddb55aa34e792022-02-14 10:57:30.432root 11241100x80000000000000002051835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:30.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f1ea31b4123e7002022-02-14 10:57:30.432root 11241100x80000000000000002051836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:30.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cf6c1bc490cba5c2022-02-14 10:57:30.432root 11241100x80000000000000002051837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:30.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7944a07d6d7b419b2022-02-14 10:57:30.432root 11241100x80000000000000002051838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:30.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.364b9510a7abcad12022-02-14 10:57:30.432root 11241100x80000000000000002051839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:30.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2598dcec91c06c632022-02-14 10:57:30.433root 11241100x80000000000000002051840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:30.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8b813a31802b75a2022-02-14 10:57:30.433root 11241100x80000000000000002051841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:30.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cc7c6dbe8f624c12022-02-14 10:57:30.434root 11241100x80000000000000002051842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:30.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fb57ae4f01f07c72022-02-14 10:57:30.434root 11241100x80000000000000002051843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:30.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc3a6c520ebca0bf2022-02-14 10:57:30.434root 11241100x80000000000000002051844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:30.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb7037b25a8726d02022-02-14 10:57:30.930root 11241100x80000000000000002051845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:30.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03b05f62e30fb3b42022-02-14 10:57:30.931root 11241100x80000000000000002051846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:30.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e8911c08b65a5512022-02-14 10:57:30.931root 11241100x80000000000000002051847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:30.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bacd0800f26565132022-02-14 10:57:30.931root 11241100x80000000000000002051848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:30.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dc96bc016ebd2dd2022-02-14 10:57:30.931root 11241100x80000000000000002051849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:30.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f3e04ef2b57cbd82022-02-14 10:57:30.931root 11241100x80000000000000002051850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:30.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6da8c1e6acbb7662022-02-14 10:57:30.932root 11241100x80000000000000002051851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:30.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3663a219dcc5a862022-02-14 10:57:30.932root 11241100x80000000000000002051852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:30.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af1ac372e3ff40f32022-02-14 10:57:30.933root 11241100x80000000000000002051853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:30.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4b677d28d03efdc2022-02-14 10:57:30.933root 11241100x80000000000000002051854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:30.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3d7f87c9cefa72d2022-02-14 10:57:30.933root 11241100x80000000000000002051855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:30.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.697333790d1109c22022-02-14 10:57:30.935root 11241100x80000000000000002051856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:30.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f213e9d955b9a4d2022-02-14 10:57:30.935root 11241100x80000000000000002051857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:30.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5852c256ca18c32a2022-02-14 10:57:30.935root 11241100x80000000000000002051858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:30.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.558a722d73ba4ef12022-02-14 10:57:30.935root 11241100x80000000000000002051859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:30.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1321698ebdc2fbb2022-02-14 10:57:30.935root 11241100x80000000000000002051860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:30.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2151b6ded5a8a4952022-02-14 10:57:30.935root 11241100x80000000000000002051861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:30.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dce088968bff9e122022-02-14 10:57:30.935root 11241100x80000000000000002051862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:30.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5342cefd4e0c9a812022-02-14 10:57:30.936root 11241100x80000000000000002051863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:31.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df29a42866cb70a82022-02-14 10:57:31.430root 11241100x80000000000000002051864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:31.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72df6990c59f508a2022-02-14 10:57:31.431root 11241100x80000000000000002051865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:31.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6edab94d2465da0b2022-02-14 10:57:31.431root 11241100x80000000000000002051866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:31.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcbbac6f06f918562022-02-14 10:57:31.431root 11241100x80000000000000002051867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:31.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4664f37c14f4feb12022-02-14 10:57:31.431root 11241100x80000000000000002051868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:31.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0482ac6bce815c082022-02-14 10:57:31.431root 11241100x80000000000000002051869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:31.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d1d4c269af3a7462022-02-14 10:57:31.431root 11241100x80000000000000002051870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:31.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa9ba563a22587ea2022-02-14 10:57:31.432root 11241100x80000000000000002051871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:31.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65b2b42872c6af0a2022-02-14 10:57:31.432root 11241100x80000000000000002051872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:31.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c71c6a3e4a9f4af2022-02-14 10:57:31.433root 11241100x80000000000000002051873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:31.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49accc52cbac9e132022-02-14 10:57:31.433root 11241100x80000000000000002051874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:31.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.924dde60d96641882022-02-14 10:57:31.433root 11241100x80000000000000002051875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:31.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc802fff65c24d5f2022-02-14 10:57:31.433root 11241100x80000000000000002051876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:31.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bb1d5c7e7ec64bc2022-02-14 10:57:31.433root 11241100x80000000000000002051877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:31.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2af76ad93a83e24a2022-02-14 10:57:31.435root 11241100x80000000000000002051878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:31.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.928eed3de1dd70f02022-02-14 10:57:31.435root 11241100x80000000000000002051879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:31.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4419e63f61661b7c2022-02-14 10:57:31.435root 11241100x80000000000000002051880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:31.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2378dc74a7ed1d222022-02-14 10:57:31.435root 11241100x80000000000000002051881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:31.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e45e6510bf57552a2022-02-14 10:57:31.435root 11241100x80000000000000002051882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:31.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c79c9df4715d72962022-02-14 10:57:31.930root 11241100x80000000000000002051883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:31.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2adafbbbb9e3d47f2022-02-14 10:57:31.930root 11241100x80000000000000002051884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:31.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89bf6f3b8fbbe7642022-02-14 10:57:31.930root 11241100x80000000000000002051885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:31.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb9e99468138b1742022-02-14 10:57:31.930root 11241100x80000000000000002051886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:31.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6ff571901169cfa2022-02-14 10:57:31.931root 11241100x80000000000000002051887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:31.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d43c8eb09a83a312022-02-14 10:57:31.931root 11241100x80000000000000002051888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:31.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86151fdc322322e62022-02-14 10:57:31.931root 11241100x80000000000000002051889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:31.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eea7b998cccf2dc72022-02-14 10:57:31.931root 11241100x80000000000000002051890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:31.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e9233479cd9aa5c2022-02-14 10:57:31.931root 11241100x80000000000000002051891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:31.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a05b5ada2c6c6b6b2022-02-14 10:57:31.931root 11241100x80000000000000002051892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:31.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00dcd1973fedf8452022-02-14 10:57:31.931root 11241100x80000000000000002051893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:31.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c93483fd602a1cf42022-02-14 10:57:31.931root 11241100x80000000000000002051894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:31.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55af43475054cc862022-02-14 10:57:31.931root 11241100x80000000000000002051895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:31.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac20c053fb2424632022-02-14 10:57:31.931root 11241100x80000000000000002051896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:31.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c87a1f1f6603cc522022-02-14 10:57:31.931root 11241100x80000000000000002051897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:31.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06379eadba3e37112022-02-14 10:57:31.931root 11241100x80000000000000002051898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:31.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4e1b7f89d99ff1b2022-02-14 10:57:31.931root 11241100x80000000000000002051899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:31.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c1bede1e533e0bd2022-02-14 10:57:31.931root 11241100x80000000000000002051900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:31.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c120da4f0e3740412022-02-14 10:57:31.931root 11241100x80000000000000002051901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:32.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4a2876dd3106f032022-02-14 10:57:32.430root 11241100x80000000000000002051902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:32.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00f7dafa084bb1422022-02-14 10:57:32.430root 11241100x80000000000000002051903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:32.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd610d529107066d2022-02-14 10:57:32.430root 11241100x80000000000000002051904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:32.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d09da1287986a102022-02-14 10:57:32.430root 11241100x80000000000000002051905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:32.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f387e86ffe451d32022-02-14 10:57:32.431root 11241100x80000000000000002051906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:32.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.127e3af2ead8daa82022-02-14 10:57:32.431root 11241100x80000000000000002051907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:32.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5c66ec82f29a2e62022-02-14 10:57:32.431root 11241100x80000000000000002051908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:32.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb0874d17b11cdfa2022-02-14 10:57:32.431root 11241100x80000000000000002051909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:32.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f46c76ae0e913332022-02-14 10:57:32.431root 11241100x80000000000000002051910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:32.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d79ed9e5f578cb312022-02-14 10:57:32.431root 11241100x80000000000000002051911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:32.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4af9786e7f4fb7342022-02-14 10:57:32.431root 11241100x80000000000000002051912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:32.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4363ad4cbf5b0d392022-02-14 10:57:32.431root 11241100x80000000000000002051913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:32.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a32a9c224fa5d1c22022-02-14 10:57:32.431root 11241100x80000000000000002051914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:32.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10c0b6baaa850be62022-02-14 10:57:32.431root 11241100x80000000000000002051915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:32.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad855fb0476504f32022-02-14 10:57:32.431root 11241100x80000000000000002051916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:32.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aab8cd52ee6efdfc2022-02-14 10:57:32.432root 11241100x80000000000000002051917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:32.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d201a9221ea386e2022-02-14 10:57:32.432root 11241100x80000000000000002051918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:32.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45b64e11cfedaffa2022-02-14 10:57:32.432root 11241100x80000000000000002051919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:32.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.385823be508664d82022-02-14 10:57:32.432root 11241100x80000000000000002051920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:32.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40ba53e0f54423e42022-02-14 10:57:32.930root 11241100x80000000000000002051921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:32.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16c275e26400529b2022-02-14 10:57:32.930root 11241100x80000000000000002051922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:32.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aac336d45d3d6e222022-02-14 10:57:32.931root 11241100x80000000000000002051923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:32.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22778dd7f63c3cd82022-02-14 10:57:32.931root 11241100x80000000000000002051924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:32.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97141dc31c5cac122022-02-14 10:57:32.931root 11241100x80000000000000002051925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:32.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f62f6bd55b9aa83c2022-02-14 10:57:32.931root 11241100x80000000000000002051926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:32.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac718487490d56202022-02-14 10:57:32.931root 11241100x80000000000000002051927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:32.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dc623a5667f095b2022-02-14 10:57:32.931root 11241100x80000000000000002051928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:32.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9efd9e01e2e13c8b2022-02-14 10:57:32.931root 11241100x80000000000000002051929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:32.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79dbe2973a8cbcc62022-02-14 10:57:32.931root 11241100x80000000000000002051930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:32.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9e1800c3156e9c72022-02-14 10:57:32.931root 11241100x80000000000000002051931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:32.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fc720aac2f9cfe42022-02-14 10:57:32.931root 11241100x80000000000000002051932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:32.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d85d6d9d83106f2c2022-02-14 10:57:32.932root 11241100x80000000000000002051933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:32.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.063aae762f8e70652022-02-14 10:57:32.932root 11241100x80000000000000002051934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:32.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8954215bfd345fa2022-02-14 10:57:32.932root 11241100x80000000000000002051935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:32.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58b3bcc3bd5808d62022-02-14 10:57:32.932root 11241100x80000000000000002051936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:32.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.684dccdfef2756a32022-02-14 10:57:32.932root 11241100x80000000000000002051937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:32.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3681321d501383a92022-02-14 10:57:32.932root 11241100x80000000000000002051938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:32.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.223d04b674db85ef2022-02-14 10:57:32.932root 354300x80000000000000002051939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:33.195{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54708-false10.0.1.12-8000- 11241100x80000000000000002051940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:33.196{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88dc9ccca3413cca2022-02-14 10:57:33.196root 11241100x80000000000000002051941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:33.196{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc40fa014af240622022-02-14 10:57:33.196root 11241100x80000000000000002051942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:33.196{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b3e33d2a829cb1e2022-02-14 10:57:33.196root 11241100x80000000000000002051943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:33.196{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9a1829d87d6b9cd2022-02-14 10:57:33.196root 11241100x80000000000000002051944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:33.197{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc2733a85b83cb0e2022-02-14 10:57:33.197root 11241100x80000000000000002051945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:33.197{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91ba84c50d3285832022-02-14 10:57:33.197root 11241100x80000000000000002051946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:33.197{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a59dc03d52dee9002022-02-14 10:57:33.197root 11241100x80000000000000002051947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:33.197{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c7047e9255f40112022-02-14 10:57:33.197root 11241100x80000000000000002051948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:33.197{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e0744fc4386e1592022-02-14 10:57:33.197root 11241100x80000000000000002051949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:33.197{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.586808c957d7c7c02022-02-14 10:57:33.197root 11241100x80000000000000002051950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:33.197{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cee3a6400a421362022-02-14 10:57:33.197root 11241100x80000000000000002051951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:33.197{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b759900507425792022-02-14 10:57:33.197root 11241100x80000000000000002051952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:33.198{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18fab9473e0d329e2022-02-14 10:57:33.198root 11241100x80000000000000002051953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:33.198{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f67f2cdf952065c2022-02-14 10:57:33.198root 11241100x80000000000000002051954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:33.198{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a85f1e1dd622a702022-02-14 10:57:33.198root 11241100x80000000000000002051955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:33.198{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18cf6de97c6099212022-02-14 10:57:33.198root 11241100x80000000000000002051956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:33.198{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7f3f4cc6867bf802022-02-14 10:57:33.198root 11241100x80000000000000002051957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:33.198{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be23b4ea468d9be32022-02-14 10:57:33.198root 11241100x80000000000000002051958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:33.198{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46d4d04e796c470a2022-02-14 10:57:33.198root 11241100x80000000000000002051959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:33.198{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae666eaa0eadabc92022-02-14 10:57:33.198root 11241100x80000000000000002051960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:33.198{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afd36c0f9bd03d612022-02-14 10:57:33.198root 11241100x80000000000000002051961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:33.198{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc17f6b4755e69a22022-02-14 10:57:33.198root 11241100x80000000000000002051962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:33.199{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb1645760b58b7932022-02-14 10:57:33.199root 11241100x80000000000000002051963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:33.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c20728ded6fb2fd2022-02-14 10:57:33.680root 11241100x80000000000000002051964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:33.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67b6e1d38f9dd5932022-02-14 10:57:33.680root 11241100x80000000000000002051965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:33.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48d127b664c8bb852022-02-14 10:57:33.681root 11241100x80000000000000002051966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:33.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3909726f24821cc32022-02-14 10:57:33.681root 11241100x80000000000000002051967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:33.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcfc40c76e94743f2022-02-14 10:57:33.681root 11241100x80000000000000002051968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:33.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.093f5be55d06d0b02022-02-14 10:57:33.681root 11241100x80000000000000002051969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:33.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3f3db5e361e75ae2022-02-14 10:57:33.681root 11241100x80000000000000002051970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:33.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb345b66622e93302022-02-14 10:57:33.681root 11241100x80000000000000002051971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:33.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18afba86857b60c32022-02-14 10:57:33.681root 11241100x80000000000000002051972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:33.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1755dc010dfb375e2022-02-14 10:57:33.681root 11241100x80000000000000002051973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:33.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f206353c61c6a56e2022-02-14 10:57:33.682root 11241100x80000000000000002051974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:33.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bb4865c561889c92022-02-14 10:57:33.682root 11241100x80000000000000002051975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:33.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a688eddab18995fc2022-02-14 10:57:33.682root 11241100x80000000000000002051976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:33.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96a4b3a9aedd6bad2022-02-14 10:57:33.683root 11241100x80000000000000002051977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:33.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8fdf6c623f09e562022-02-14 10:57:33.684root 11241100x80000000000000002051978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:33.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d64a59dc65d5e652022-02-14 10:57:33.684root 11241100x80000000000000002051979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:33.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2496d546e3aaa242022-02-14 10:57:33.684root 11241100x80000000000000002051980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:33.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59f5467efba4a1842022-02-14 10:57:33.684root 11241100x80000000000000002051981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:33.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.521e96d70be0ea452022-02-14 10:57:33.685root 11241100x80000000000000002051982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:33.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.286f61fabdeb79b62022-02-14 10:57:33.685root 11241100x80000000000000002051983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:34.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95a84dbaf9c6f14e2022-02-14 10:57:34.180root 11241100x80000000000000002051984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:34.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdf4712456219acb2022-02-14 10:57:34.181root 11241100x80000000000000002051985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:34.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.300b7a8dff2a1baf2022-02-14 10:57:34.181root 11241100x80000000000000002051986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:34.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c634740025152d6d2022-02-14 10:57:34.181root 11241100x80000000000000002051987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:34.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8410e9eaa749341c2022-02-14 10:57:34.181root 11241100x80000000000000002051988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:34.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.020ed8465dc11ff52022-02-14 10:57:34.182root 11241100x80000000000000002051989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:34.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40060f17d0c9e2952022-02-14 10:57:34.182root 11241100x80000000000000002051990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:34.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.717fa7a5024a1c8c2022-02-14 10:57:34.182root 11241100x80000000000000002051991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:34.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa610de854f829de2022-02-14 10:57:34.182root 11241100x80000000000000002051992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:34.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.187045dd3067bcf52022-02-14 10:57:34.182root 11241100x80000000000000002051993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:34.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af42e548afc47ec22022-02-14 10:57:34.183root 11241100x80000000000000002051994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:34.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1582ebeb8abbe7292022-02-14 10:57:34.183root 11241100x80000000000000002051995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:34.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.799cceb98180af202022-02-14 10:57:34.183root 11241100x80000000000000002051996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:34.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1966396db9f51c12022-02-14 10:57:34.183root 11241100x80000000000000002051997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:34.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a2950ccf64ab80c2022-02-14 10:57:34.183root 11241100x80000000000000002051998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:34.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0215bafc246108322022-02-14 10:57:34.184root 11241100x80000000000000002051999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:34.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.366fb3089eada5cd2022-02-14 10:57:34.184root 11241100x80000000000000002052000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:34.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bb001ef70d6417e2022-02-14 10:57:34.185root 11241100x80000000000000002052001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:34.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b457250e39b7a7d2022-02-14 10:57:34.185root 11241100x80000000000000002052002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:34.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c198825aafb0cff72022-02-14 10:57:34.185root 11241100x80000000000000002052003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:34.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c5cda2bbe0abaed2022-02-14 10:57:34.680root 11241100x80000000000000002052004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:34.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a828d0345730e3b2022-02-14 10:57:34.681root 11241100x80000000000000002052005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:34.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08731f799d447eb12022-02-14 10:57:34.681root 11241100x80000000000000002052006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:34.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2829de59d162a4c62022-02-14 10:57:34.681root 11241100x80000000000000002052007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:34.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.071d72f4906c1f2c2022-02-14 10:57:34.681root 11241100x80000000000000002052008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:34.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d08a2dfcebb724db2022-02-14 10:57:34.681root 11241100x80000000000000002052009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:34.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3960850741d0fad42022-02-14 10:57:34.682root 11241100x80000000000000002052010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:34.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de4116d486ca1be02022-02-14 10:57:34.682root 11241100x80000000000000002052011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:34.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2698d87f4cc9b22e2022-02-14 10:57:34.682root 11241100x80000000000000002052012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:34.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d78db694e616b0ef2022-02-14 10:57:34.682root 11241100x80000000000000002052013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:34.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54f54fc5203106332022-02-14 10:57:34.682root 11241100x80000000000000002052014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:34.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ca2cb8cce2b06212022-02-14 10:57:34.683root 11241100x80000000000000002052015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:34.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5093c85cef74a1d62022-02-14 10:57:34.683root 11241100x80000000000000002052016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:34.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d01871e7b2802c32022-02-14 10:57:34.683root 11241100x80000000000000002052017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:34.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15a967e0372da3252022-02-14 10:57:34.683root 11241100x80000000000000002052018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:34.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b55005b8ee773b42022-02-14 10:57:34.683root 11241100x80000000000000002052019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:34.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27ebe816d9d1a8752022-02-14 10:57:34.683root 11241100x80000000000000002052020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:34.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f51157faa3535ab2022-02-14 10:57:34.683root 11241100x80000000000000002052021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:34.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2df7a477ec695d4a2022-02-14 10:57:34.683root 11241100x80000000000000002052022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:34.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.028bd87e7d0ab6272022-02-14 10:57:34.684root 11241100x80000000000000002052023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:35.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4dce292d955a51e2022-02-14 10:57:35.180root 11241100x80000000000000002052024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:35.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7742a9486aea77202022-02-14 10:57:35.181root 11241100x80000000000000002052025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:35.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81d66398e6095db62022-02-14 10:57:35.181root 11241100x80000000000000002052026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:35.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47bbda07dc21b8922022-02-14 10:57:35.181root 11241100x80000000000000002052027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:35.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e264de7e0dbebe82022-02-14 10:57:35.181root 11241100x80000000000000002052028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:35.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3b9384b3e181d0e2022-02-14 10:57:35.181root 11241100x80000000000000002052029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:35.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d268402604ce6202022-02-14 10:57:35.181root 11241100x80000000000000002052030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:35.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db5cd2ebeafc581c2022-02-14 10:57:35.181root 11241100x80000000000000002052031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:35.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3890ba85266f6362022-02-14 10:57:35.181root 11241100x80000000000000002052032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:35.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97c3c8019244ba722022-02-14 10:57:35.181root 11241100x80000000000000002052033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:35.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f62ea03f213486f2022-02-14 10:57:35.182root 11241100x80000000000000002052034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:35.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed04df8fd9139b882022-02-14 10:57:35.182root 11241100x80000000000000002052035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:35.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50f3de7ad4ed74c52022-02-14 10:57:35.182root 11241100x80000000000000002052036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:35.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.358f7e965368fe0d2022-02-14 10:57:35.182root 11241100x80000000000000002052037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:35.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d66a7693c5099f372022-02-14 10:57:35.182root 11241100x80000000000000002052038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:35.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c223043722b528bf2022-02-14 10:57:35.182root 11241100x80000000000000002052039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:35.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a63fc3832bfb18882022-02-14 10:57:35.182root 11241100x80000000000000002052040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:35.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08e2d9f9cff908f72022-02-14 10:57:35.182root 11241100x80000000000000002052041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:35.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08ef1490ab7face22022-02-14 10:57:35.182root 11241100x80000000000000002052042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:35.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef3095e7d4ff20512022-02-14 10:57:35.182root 11241100x80000000000000002052043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:35.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d76d885a98ab4e52022-02-14 10:57:35.680root 11241100x80000000000000002052044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:35.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5276d16aafa6ed502022-02-14 10:57:35.681root 11241100x80000000000000002052045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:35.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d89a22e8641728c2022-02-14 10:57:35.681root 11241100x80000000000000002052046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:35.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6738bfd45be45752022-02-14 10:57:35.681root 11241100x80000000000000002052047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:35.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68e72857397f43e22022-02-14 10:57:35.681root 11241100x80000000000000002052048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:35.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c9c3b349dfd2d862022-02-14 10:57:35.681root 11241100x80000000000000002052049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:35.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0261ed71b8ec54052022-02-14 10:57:35.681root 11241100x80000000000000002052050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:35.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1805d0f75b2090542022-02-14 10:57:35.681root 11241100x80000000000000002052051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:35.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fc77b7ba52bf4392022-02-14 10:57:35.681root 11241100x80000000000000002052052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:35.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a94cc1ba09283af2022-02-14 10:57:35.681root 11241100x80000000000000002052053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:35.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5963a177cda77a92022-02-14 10:57:35.682root 11241100x80000000000000002052054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:35.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.458b72cef14feda32022-02-14 10:57:35.682root 11241100x80000000000000002052055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:35.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50ebfe5a3d7855052022-02-14 10:57:35.682root 11241100x80000000000000002052056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:35.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.659a96bfe256ff9e2022-02-14 10:57:35.682root 11241100x80000000000000002052057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:35.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2851602402bc6cdd2022-02-14 10:57:35.682root 11241100x80000000000000002052058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:35.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.574a9377bdfe719b2022-02-14 10:57:35.682root 11241100x80000000000000002052059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:35.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e64fc2d1b6dd75d2022-02-14 10:57:35.682root 11241100x80000000000000002052060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:35.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bc64ed16e2f6d612022-02-14 10:57:35.682root 11241100x80000000000000002052061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:35.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02fcb6429ad14ad62022-02-14 10:57:35.682root 11241100x80000000000000002052062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:35.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b53b025140e7c1342022-02-14 10:57:35.683root 11241100x80000000000000002052063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:36.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7cfade2923dc4ac2022-02-14 10:57:36.180root 11241100x80000000000000002052064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:36.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.821380d9df91b8742022-02-14 10:57:36.180root 11241100x80000000000000002052065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:36.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d4d4c3a10eca3602022-02-14 10:57:36.180root 11241100x80000000000000002052066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:36.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e831b1fa8efece692022-02-14 10:57:36.181root 11241100x80000000000000002052067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:36.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bae40e2e12062a202022-02-14 10:57:36.181root 11241100x80000000000000002052068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:36.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75ca6f6a9a94924d2022-02-14 10:57:36.181root 11241100x80000000000000002052069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:36.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38c0a1c217953a472022-02-14 10:57:36.181root 11241100x80000000000000002052070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:36.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.601e3fc4063720622022-02-14 10:57:36.181root 11241100x80000000000000002052071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:36.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a33faf6c914c451b2022-02-14 10:57:36.181root 11241100x80000000000000002052072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:36.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d9909c4139ffee22022-02-14 10:57:36.181root 11241100x80000000000000002052073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:36.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4a8e0da85a0e5d82022-02-14 10:57:36.181root 11241100x80000000000000002052074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:36.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61076f94515c9c2b2022-02-14 10:57:36.181root 11241100x80000000000000002052075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:36.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95daf64eeefe57842022-02-14 10:57:36.182root 11241100x80000000000000002052076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:36.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6af835b0f09a86fe2022-02-14 10:57:36.182root 11241100x80000000000000002052077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:36.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f00ee9477e6f50ec2022-02-14 10:57:36.182root 11241100x80000000000000002052078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:36.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd097001a89475042022-02-14 10:57:36.182root 11241100x80000000000000002052079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:36.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c32c524efe97d1632022-02-14 10:57:36.182root 11241100x80000000000000002052080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:36.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0549b157367f84a2022-02-14 10:57:36.182root 11241100x80000000000000002052081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:36.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.060a8cc47c94c0b52022-02-14 10:57:36.182root 11241100x80000000000000002052082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:36.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c39738b504e850442022-02-14 10:57:36.182root 11241100x80000000000000002052083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:36.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.996d7891cde14bc82022-02-14 10:57:36.680root 11241100x80000000000000002052084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:36.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e56f05d08dc4b0132022-02-14 10:57:36.681root 11241100x80000000000000002052085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:36.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14b5400941aacf1c2022-02-14 10:57:36.681root 11241100x80000000000000002052086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:36.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b289d5d3ef5e0ca2022-02-14 10:57:36.681root 11241100x80000000000000002052087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:36.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.909ec942344c0c3c2022-02-14 10:57:36.681root 11241100x80000000000000002052088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:36.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4bbc61d054038532022-02-14 10:57:36.681root 11241100x80000000000000002052089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:36.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0f853a2549cb33b2022-02-14 10:57:36.681root 11241100x80000000000000002052090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:36.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68cf6250c6debe2d2022-02-14 10:57:36.682root 11241100x80000000000000002052091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:36.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55f38a982e7610bd2022-02-14 10:57:36.682root 11241100x80000000000000002052092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:36.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8091ac4919d04422022-02-14 10:57:36.682root 11241100x80000000000000002052093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:36.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d567e580cfbc7f82022-02-14 10:57:36.683root 11241100x80000000000000002052094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:36.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d54e252ebc649932022-02-14 10:57:36.683root 11241100x80000000000000002052095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:36.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b807d90c3eaf45a2022-02-14 10:57:36.683root 11241100x80000000000000002052096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:36.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b5f8e468048c5ad2022-02-14 10:57:36.683root 11241100x80000000000000002052097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:36.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfab9ef73f8f88ba2022-02-14 10:57:36.683root 11241100x80000000000000002052098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:36.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cfb4e9ae04f39d32022-02-14 10:57:36.683root 11241100x80000000000000002052099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:36.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9ddea81da0796f72022-02-14 10:57:36.683root 11241100x80000000000000002052100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:36.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e8d1b824ebabec42022-02-14 10:57:36.683root 11241100x80000000000000002052101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:36.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01eb5b91fb4c83712022-02-14 10:57:36.684root 11241100x80000000000000002052102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:36.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deafad5374c98b812022-02-14 10:57:36.684root 11241100x80000000000000002052103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:37.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c04f2b2e5016e8072022-02-14 10:57:37.180root 11241100x80000000000000002052104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:37.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45ddfd79bab3468f2022-02-14 10:57:37.181root 11241100x80000000000000002052105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:37.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1719c3bde45097622022-02-14 10:57:37.181root 11241100x80000000000000002052106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:37.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e80a33e8b5f41ea22022-02-14 10:57:37.181root 11241100x80000000000000002052107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:37.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f488d6ce251b2ab32022-02-14 10:57:37.181root 11241100x80000000000000002052108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:37.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.277695c4c928e2f72022-02-14 10:57:37.181root 11241100x80000000000000002052109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:37.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09a24c480c696c952022-02-14 10:57:37.181root 11241100x80000000000000002052110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:37.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad42adcde12265bd2022-02-14 10:57:37.181root 11241100x80000000000000002052111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:37.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee5ee3a4d5d2c0582022-02-14 10:57:37.181root 11241100x80000000000000002052112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:37.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35a0b157d677a5b12022-02-14 10:57:37.181root 11241100x80000000000000002052113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:37.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9ab59d323be3d2d2022-02-14 10:57:37.182root 11241100x80000000000000002052114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:37.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1652c21f15fd4dc2022-02-14 10:57:37.182root 11241100x80000000000000002052115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:37.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.486c993e1971956c2022-02-14 10:57:37.182root 11241100x80000000000000002052116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:37.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1eb6457fb73bb522022-02-14 10:57:37.182root 11241100x80000000000000002052117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:37.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15cc67af58a8173c2022-02-14 10:57:37.182root 11241100x80000000000000002052118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:37.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d423d78d742391ca2022-02-14 10:57:37.182root 11241100x80000000000000002052119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:37.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4e1a09298ae970a2022-02-14 10:57:37.182root 11241100x80000000000000002052120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:37.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffb8d5f9c97060242022-02-14 10:57:37.182root 11241100x80000000000000002052121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:37.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf11d868faf7d3e12022-02-14 10:57:37.182root 11241100x80000000000000002052122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:37.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37c46a4431f9e2792022-02-14 10:57:37.182root 11241100x80000000000000002052123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:37.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f66255beaecd3902022-02-14 10:57:37.680root 11241100x80000000000000002052124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:37.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f051c7c03cdb17b52022-02-14 10:57:37.680root 11241100x80000000000000002052125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:37.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ab551c20b4391dd2022-02-14 10:57:37.681root 11241100x80000000000000002052126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:37.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.434d7f74329421042022-02-14 10:57:37.681root 11241100x80000000000000002052127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:37.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2176e77a108214f52022-02-14 10:57:37.681root 11241100x80000000000000002052128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:37.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84a6d545a3be07382022-02-14 10:57:37.681root 11241100x80000000000000002052129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:37.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d7b644df042ff5a2022-02-14 10:57:37.681root 11241100x80000000000000002052130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:37.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf214aec0026d14f2022-02-14 10:57:37.682root 11241100x80000000000000002052131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:37.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94129bddc90ef9732022-02-14 10:57:37.682root 11241100x80000000000000002052132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:37.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77f44451e2e8d9862022-02-14 10:57:37.682root 11241100x80000000000000002052133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:37.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e0a6ec9fdb9dffb2022-02-14 10:57:37.682root 11241100x80000000000000002052134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:37.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a10b9d9ef309af4f2022-02-14 10:57:37.682root 11241100x80000000000000002052135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:37.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b33f1099f4f42de12022-02-14 10:57:37.683root 11241100x80000000000000002052136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:37.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a15c144515fd9dc2022-02-14 10:57:37.683root 11241100x80000000000000002052137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:37.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68560076f2fe2b952022-02-14 10:57:37.683root 11241100x80000000000000002052138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:37.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6535c7b3fb42fdeb2022-02-14 10:57:37.683root 11241100x80000000000000002052139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:37.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf4e28945c0e7eac2022-02-14 10:57:37.683root 11241100x80000000000000002052140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:37.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1093d714039517c22022-02-14 10:57:37.684root 11241100x80000000000000002052141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:37.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a604e6e5a2eceb92022-02-14 10:57:37.684root 11241100x80000000000000002052142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:37.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a25dbbdb62090b32022-02-14 10:57:37.684root 11241100x80000000000000002052143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:38.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b844b57846967742022-02-14 10:57:38.180root 11241100x80000000000000002052144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:38.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01dfd5e11ad33cac2022-02-14 10:57:38.180root 11241100x80000000000000002052145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:38.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fcf7d632bfc0c9e2022-02-14 10:57:38.181root 11241100x80000000000000002052146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:38.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b3a3543f4f41a112022-02-14 10:57:38.181root 11241100x80000000000000002052147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:38.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3d6be166543275b2022-02-14 10:57:38.181root 11241100x80000000000000002052148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:38.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c165e89ee3784672022-02-14 10:57:38.181root 11241100x80000000000000002052149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:38.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa1e811a10dffede2022-02-14 10:57:38.181root 11241100x80000000000000002052150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:38.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f63c74c20f53fead2022-02-14 10:57:38.182root 11241100x80000000000000002052151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:38.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34619e601bbd0f9c2022-02-14 10:57:38.182root 11241100x80000000000000002052152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:38.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50f472bb69582c182022-02-14 10:57:38.182root 11241100x80000000000000002052153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:38.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.499ca9ea5c7361ba2022-02-14 10:57:38.182root 11241100x80000000000000002052154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:38.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4fd94111d1c1dba2022-02-14 10:57:38.182root 11241100x80000000000000002052155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:38.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a3d43cacf0766f22022-02-14 10:57:38.182root 11241100x80000000000000002052156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:38.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcf230875ba066022022-02-14 10:57:38.182root 11241100x80000000000000002052157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:38.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.325bb631597365f02022-02-14 10:57:38.182root 11241100x80000000000000002052158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:38.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8d8e47456693f292022-02-14 10:57:38.183root 11241100x80000000000000002052159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:38.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05a9a182ca7a58712022-02-14 10:57:38.183root 11241100x80000000000000002052160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:38.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b8e53950f319e792022-02-14 10:57:38.183root 11241100x80000000000000002052161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:38.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.896790581526f8e52022-02-14 10:57:38.183root 11241100x80000000000000002052162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:38.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51ced067e89506c42022-02-14 10:57:38.183root 11241100x80000000000000002052163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:38.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6dae251977827872022-02-14 10:57:38.680root 11241100x80000000000000002052164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:38.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d03cc497ad143e82022-02-14 10:57:38.680root 11241100x80000000000000002052165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:38.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f70d502566d23252022-02-14 10:57:38.681root 11241100x80000000000000002052166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:38.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2890a3c0d73aaab82022-02-14 10:57:38.681root 11241100x80000000000000002052167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:38.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ff734a2cb98d2982022-02-14 10:57:38.681root 11241100x80000000000000002052168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:38.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcb1cdac8359b02f2022-02-14 10:57:38.681root 11241100x80000000000000002052169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:38.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea35491f1093115f2022-02-14 10:57:38.681root 11241100x80000000000000002052170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:38.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12bf44f4c7f4bc9c2022-02-14 10:57:38.681root 11241100x80000000000000002052171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:38.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73ff8093ac6fedce2022-02-14 10:57:38.681root 11241100x80000000000000002052172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:38.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a25c0b718b0554f92022-02-14 10:57:38.681root 11241100x80000000000000002052173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:38.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8655fb2330c99d9b2022-02-14 10:57:38.681root 11241100x80000000000000002052174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:38.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0cf317b3a28c0332022-02-14 10:57:38.681root 11241100x80000000000000002052175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:38.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cbc1e017f29f75d2022-02-14 10:57:38.681root 11241100x80000000000000002052176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:38.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a4e93f59f6246bf2022-02-14 10:57:38.681root 11241100x80000000000000002052177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:38.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f30a6e16c53349742022-02-14 10:57:38.681root 11241100x80000000000000002052178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:38.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d593b313c889d1ee2022-02-14 10:57:38.682root 11241100x80000000000000002052179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:38.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19d0f51842b399d12022-02-14 10:57:38.682root 11241100x80000000000000002052180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:38.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88d67a0a932b1bca2022-02-14 10:57:38.682root 11241100x80000000000000002052181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:38.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e92ae370ecb32a542022-02-14 10:57:38.682root 11241100x80000000000000002052182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:38.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49501e3098a6a5f32022-02-14 10:57:38.682root 354300x80000000000000002052183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:39.018{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54710-false10.0.1.12-8000- 11241100x80000000000000002052184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:39.020{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7fdd88e6ad266fe2022-02-14 10:57:39.020root 11241100x80000000000000002052185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:39.020{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45b8bd400ca1e16c2022-02-14 10:57:39.020root 11241100x80000000000000002052186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:39.020{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ded193654e8edfd22022-02-14 10:57:39.020root 11241100x80000000000000002052187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:39.020{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.635ba373757dc19d2022-02-14 10:57:39.020root 11241100x80000000000000002052188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:39.021{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4026ec881c823c972022-02-14 10:57:39.021root 11241100x80000000000000002052189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:39.021{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.270187b7ecf823332022-02-14 10:57:39.021root 11241100x80000000000000002052190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:39.021{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5e51afdc514f8ca2022-02-14 10:57:39.021root 11241100x80000000000000002052191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:39.022{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be08bc9f39906c162022-02-14 10:57:39.022root 11241100x80000000000000002052192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:39.022{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4237a80c5b5cc41f2022-02-14 10:57:39.022root 11241100x80000000000000002052193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:39.022{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60a7c39a32f492902022-02-14 10:57:39.022root 11241100x80000000000000002052194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:39.022{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d71a56b6ffa78e6d2022-02-14 10:57:39.022root 11241100x80000000000000002052195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:39.023{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4de4cefd024f33b82022-02-14 10:57:39.023root 11241100x80000000000000002052196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:39.023{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e84ba4b30e2159302022-02-14 10:57:39.023root 11241100x80000000000000002052197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:39.023{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3056cf850a15701a2022-02-14 10:57:39.023root 11241100x80000000000000002052198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:39.024{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86dee57b556385602022-02-14 10:57:39.024root 11241100x80000000000000002052199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:39.024{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1051727b791693742022-02-14 10:57:39.024root 11241100x80000000000000002052200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:39.024{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77ae5b649a2c6bcd2022-02-14 10:57:39.024root 11241100x80000000000000002052201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:39.025{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be24a6fe938dc0022022-02-14 10:57:39.025root 11241100x80000000000000002052202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:39.026{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f6dc09a694a857d2022-02-14 10:57:39.026root 11241100x80000000000000002052203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:39.026{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb3cf98f3c5af0362022-02-14 10:57:39.026root 11241100x80000000000000002052204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:39.026{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2246873c1bc93d22022-02-14 10:57:39.026root 11241100x80000000000000002052205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:39.429{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57816ebe109d36082022-02-14 10:57:39.429root 11241100x80000000000000002052206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:39.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b457a9df03480bc62022-02-14 10:57:39.430root 11241100x80000000000000002052207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:39.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1efeee9cff98f07d2022-02-14 10:57:39.430root 11241100x80000000000000002052208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:39.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61a9657dd473a2f12022-02-14 10:57:39.430root 11241100x80000000000000002052209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:39.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e7516c0344b025f2022-02-14 10:57:39.430root 11241100x80000000000000002052210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:39.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0f92dbab41ee06a2022-02-14 10:57:39.430root 11241100x80000000000000002052211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:39.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8c4ed6a3b979d722022-02-14 10:57:39.430root 11241100x80000000000000002052212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:39.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83ac857b55f8bb982022-02-14 10:57:39.430root 11241100x80000000000000002052213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:39.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a3cd4b9179cff7f2022-02-14 10:57:39.430root 11241100x80000000000000002052214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:39.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3fcb65dcfc174e12022-02-14 10:57:39.430root 11241100x80000000000000002052215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:39.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59003532dc5377d72022-02-14 10:57:39.430root 354300x80000000000000002052239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:45.017{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54712-false10.0.1.12-8000- 11241100x80000000000000002052240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:45.429{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd1b6425862a5fcd2022-02-14 10:57:45.429root 11241100x80000000000000002052241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:45.929{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea27f07e6d0f45d32022-02-14 10:57:45.929root 11241100x80000000000000002052242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:46.429{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ae5de2006abbf772022-02-14 10:57:46.429root 11241100x80000000000000002052243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:46.929{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.238dcb9eb45b6c8b2022-02-14 10:57:46.929root 154100x80000000000000002052244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:47.072{ec2ab09f-35ab-620a-6814-ba9c45560000}2409/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2ab09f-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}871--- 534500x80000000000000002052245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:47.093{ec2ab09f-35ab-620a-6814-ba9c45560000}2409/bin/psroot 11241100x80000000000000002052246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:47.429{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.450c11f2d871c1de2022-02-14 10:57:47.429root 11241100x80000000000000002052247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:47.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ac74265bae3ed432022-02-14 10:57:47.430root 11241100x80000000000000002052248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:47.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c75b0f4a3b4fbfd12022-02-14 10:57:47.430root 11241100x80000000000000002052249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:47.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.297f7e3ed49f75072022-02-14 10:57:47.930root 11241100x80000000000000002052250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:47.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7385f826a6fce8e2022-02-14 10:57:47.930root 11241100x80000000000000002052251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:47.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.360104642f25e4b92022-02-14 10:57:47.930root 11241100x80000000000000002052252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:48.429{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dbbc75fd3c071bc2022-02-14 10:57:48.429root 11241100x80000000000000002052253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:48.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f660176c5fe4e3e2022-02-14 10:57:48.430root 11241100x80000000000000002052254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:48.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4031175f6d4427b2022-02-14 10:57:48.430root 11241100x80000000000000002052255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:48.929{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af44bd3ef2b02ee02022-02-14 10:57:48.929root 11241100x80000000000000002052256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:48.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d9d2e2a681462152022-02-14 10:57:48.930root 11241100x80000000000000002052257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:48.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.651cbdd7714c88df2022-02-14 10:57:48.930root 11241100x80000000000000002052258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:49.429{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7faa22824834dc542022-02-14 10:57:49.429root 11241100x80000000000000002052259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:49.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69947d95cb9242a82022-02-14 10:57:49.430root 11241100x80000000000000002052260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:49.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.befb19f0ae7f56ae2022-02-14 10:57:49.430root 11241100x80000000000000002052261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:49.929{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5d02aa0b04e6e4b2022-02-14 10:57:49.929root 11241100x80000000000000002052262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:49.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e34ca01d2811f6f52022-02-14 10:57:49.930root 11241100x80000000000000002052263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:49.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04f1f9a491409d302022-02-14 10:57:49.930root 354300x80000000000000002052264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:50.113{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54714-false10.0.1.12-8000- 11241100x80000000000000002052265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:50.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db8242068b3789202022-02-14 10:57:50.430root 11241100x80000000000000002052266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:50.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.655d2b78d7fbc3342022-02-14 10:57:50.430root 11241100x80000000000000002052267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:50.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3fdec1bf8d438dd2022-02-14 10:57:50.430root 11241100x80000000000000002052268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:50.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab684fc69715baae2022-02-14 10:57:50.430root 11241100x80000000000000002052269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:50.929{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ed35608b82b2dbd2022-02-14 10:57:50.929root 11241100x80000000000000002052270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:50.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.719b9bdd2ec2a3812022-02-14 10:57:50.930root 11241100x80000000000000002052271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:50.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a7a7cf61cb763382022-02-14 10:57:50.930root 11241100x80000000000000002052272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:50.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32b4a0fb5d7c111f2022-02-14 10:57:50.930root 534500x80000000000000002052273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:50.942{ec2ab09f-0ff9-620a-c82a-0f291d560000}470/lib/systemd/systemd-journaldroot 11241100x80000000000000002052274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:51.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25ce023152b758e82022-02-14 10:57:51.430root 11241100x80000000000000002052275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:51.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3af1e3067cca518b2022-02-14 10:57:51.430root 11241100x80000000000000002052276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:51.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d23edd7bda4783b32022-02-14 10:57:51.430root 11241100x80000000000000002052277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:51.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37cb6bf3ec37f9352022-02-14 10:57:51.430root 11241100x80000000000000002052278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:51.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03c5354f7ba188172022-02-14 10:57:51.430root 11241100x80000000000000002052279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:51.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fb7492ff9d9d7f12022-02-14 10:57:51.930root 11241100x80000000000000002052280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:51.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bda1e6d70406b352022-02-14 10:57:51.930root 11241100x80000000000000002052281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:51.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6a5c4ddbb2dbf9d2022-02-14 10:57:51.930root 11241100x80000000000000002052282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:51.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79dd51fbedbabab52022-02-14 10:57:51.930root 11241100x80000000000000002052283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:51.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f55478ff5d3104f62022-02-14 10:57:51.930root 11241100x80000000000000002052284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:52.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7124644fbfd144b2022-02-14 10:57:52.430root 11241100x80000000000000002052285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:52.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1d4a9457b7dcec42022-02-14 10:57:52.430root 11241100x80000000000000002052286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:52.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c8dafe75a9f95192022-02-14 10:57:52.430root 11241100x80000000000000002052287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:52.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02d8eb50d0c81fad2022-02-14 10:57:52.430root 11241100x80000000000000002052288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:52.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62025e1746fb5d172022-02-14 10:57:52.430root 11241100x80000000000000002052289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:52.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cfb556807671d362022-02-14 10:57:52.930root 11241100x80000000000000002052290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:52.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.851cfc194236b59a2022-02-14 10:57:52.930root 11241100x80000000000000002052291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:52.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1caf1ac743aaac1b2022-02-14 10:57:52.930root 11241100x80000000000000002052292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:52.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82878bdb76c5e6d12022-02-14 10:57:52.930root 11241100x80000000000000002052293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:52.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe1294dfe6bc7abf2022-02-14 10:57:52.930root 11241100x80000000000000002052294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:53.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9088e2004e63ffc2022-02-14 10:57:53.430root 11241100x80000000000000002052295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:53.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe3c884fab49bd302022-02-14 10:57:53.430root 11241100x80000000000000002052296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:53.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f47a450e4e2d0fce2022-02-14 10:57:53.430root 11241100x80000000000000002052297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:53.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6832540b5803f5a2022-02-14 10:57:53.430root 11241100x80000000000000002052298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:53.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7a5ea8b89c55ceb2022-02-14 10:57:53.430root 11241100x80000000000000002052299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:53.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d3eba6d083d09c12022-02-14 10:57:53.930root 11241100x80000000000000002052300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:53.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8292848f51ae6cf02022-02-14 10:57:53.930root 11241100x80000000000000002052301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:53.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd8fdbb44fb18c272022-02-14 10:57:53.930root 11241100x80000000000000002052302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:53.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.403a13a6fe6b046b2022-02-14 10:57:53.930root 11241100x80000000000000002052303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:53.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.808b7d3a7e803dbd2022-02-14 10:57:53.930root 11241100x80000000000000002052304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:54.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0571c7550ac668602022-02-14 10:57:54.430root 11241100x80000000000000002052305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:54.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53ec607696ef57242022-02-14 10:57:54.430root 11241100x80000000000000002052306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:54.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9985338b1e16d42f2022-02-14 10:57:54.430root 11241100x80000000000000002052307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:54.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.160f1d1b84beb11f2022-02-14 10:57:54.430root 11241100x80000000000000002052308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:54.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b228636fa09a36352022-02-14 10:57:54.430root 11241100x80000000000000002052309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:54.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4f683c90c8403432022-02-14 10:57:54.930root 11241100x80000000000000002052310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:54.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.511aa58d21f8234b2022-02-14 10:57:54.931root 11241100x80000000000000002052311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:54.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91d72bb4eff505792022-02-14 10:57:54.931root 11241100x80000000000000002052312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:54.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a868a62d393f7c892022-02-14 10:57:54.931root 11241100x80000000000000002052313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:54.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f4354931127c69d2022-02-14 10:57:54.931root 11241100x80000000000000002052314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:55.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5098d6fe1b3b90a42022-02-14 10:57:55.430root 11241100x80000000000000002052315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:55.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0af1893a2f8c3ff62022-02-14 10:57:55.430root 11241100x80000000000000002052316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:55.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cc1b4fffc2c66022022-02-14 10:57:55.430root 11241100x80000000000000002052317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:55.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cb9def3374ed6d22022-02-14 10:57:55.430root 11241100x80000000000000002052318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:55.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6104c92c4ac37d262022-02-14 10:57:55.430root 11241100x80000000000000002052319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:55.929{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.501157a64193bb1d2022-02-14 10:57:55.929root 11241100x80000000000000002052320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:55.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.173b8a311ae546902022-02-14 10:57:55.930root 11241100x80000000000000002052321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:55.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dd7d5e8c430376c2022-02-14 10:57:55.930root 11241100x80000000000000002052322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:55.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1e03f1b45c9bd292022-02-14 10:57:55.930root 11241100x80000000000000002052323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:55.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec8953e6dbf0acbb2022-02-14 10:57:55.930root 354300x80000000000000002052324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:56.053{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54716-false10.0.1.12-8000- 11241100x80000000000000002052325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:56.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4645581d9f4944782022-02-14 10:57:56.430root 11241100x80000000000000002052326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:56.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14ca27f5e81e45d12022-02-14 10:57:56.430root 11241100x80000000000000002052327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:56.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d04983305f5e5042022-02-14 10:57:56.430root 11241100x80000000000000002052328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:56.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf583846606b0b472022-02-14 10:57:56.430root 11241100x80000000000000002052329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:56.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b3d1199ba1360f72022-02-14 10:57:56.430root 11241100x80000000000000002052330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:56.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.421b0cde6c3809282022-02-14 10:57:56.430root 11241100x80000000000000002052331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:56.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c0777b60d0f6ceb2022-02-14 10:57:56.930root 11241100x80000000000000002052332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:56.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb48419383b9fc432022-02-14 10:57:56.930root 11241100x80000000000000002052333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:56.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3eab703f65966a72022-02-14 10:57:56.930root 11241100x80000000000000002052334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:56.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b00430682c0cd912022-02-14 10:57:56.930root 11241100x80000000000000002052335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:56.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.350b3d6f6c6644c62022-02-14 10:57:56.930root 11241100x80000000000000002052336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:56.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aa05d53db9b10692022-02-14 10:57:56.930root 11241100x80000000000000002052337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:57.429{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ced53ceb75df5fff2022-02-14 10:57:57.429root 11241100x80000000000000002052338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:57.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e2c571b7cd36a932022-02-14 10:57:57.430root 11241100x80000000000000002052339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:57.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5335c8ee646591a22022-02-14 10:57:57.430root 11241100x80000000000000002052340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:57.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c5a3ba913af51d72022-02-14 10:57:57.430root 11241100x80000000000000002052341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:57.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f316841f571c98a52022-02-14 10:57:57.430root 11241100x80000000000000002052342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:57.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16fdf9be3dea75e12022-02-14 10:57:57.430root 11241100x80000000000000002052343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:57.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d1931d5eaadbc082022-02-14 10:57:57.930root 11241100x80000000000000002052344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:57.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a942f46dd5512572022-02-14 10:57:57.930root 11241100x80000000000000002052345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:57.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b691016071368722022-02-14 10:57:57.930root 11241100x80000000000000002052346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:57.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfd878b7b21cd4242022-02-14 10:57:57.930root 11241100x80000000000000002052347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:57.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1cab4b96dbdb2bc2022-02-14 10:57:57.930root 11241100x80000000000000002052348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:57.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d1fed303bb384f12022-02-14 10:57:57.930root 11241100x80000000000000002052349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:58.429{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1faf6ca56e9220a2022-02-14 10:57:58.429root 11241100x80000000000000002052350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:58.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efdf1b0a7e7422062022-02-14 10:57:58.430root 11241100x80000000000000002052351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:58.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e74ba7b560a32de82022-02-14 10:57:58.430root 11241100x80000000000000002052352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:58.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b98655bb0d0c18dc2022-02-14 10:57:58.430root 11241100x80000000000000002052353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:58.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.439b4e36aeb798792022-02-14 10:57:58.430root 11241100x80000000000000002052354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:58.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.656f058d55e7053c2022-02-14 10:57:58.431root 11241100x80000000000000002052355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:58.929{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a23f8c30abf3b0312022-02-14 10:57:58.929root 11241100x80000000000000002052356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:58.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8025de2ff00ddea32022-02-14 10:57:58.930root 11241100x80000000000000002052357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:58.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5afb6ff00d4b314e2022-02-14 10:57:58.930root 11241100x80000000000000002052358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:58.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.384c942d5327fdb62022-02-14 10:57:58.930root 11241100x80000000000000002052359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:58.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e87cd315b54af652022-02-14 10:57:58.930root 11241100x80000000000000002052360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:58.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17414386a4f3b3f62022-02-14 10:57:58.930root 11241100x80000000000000002052361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:59.429{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8540186ebd8244152022-02-14 10:57:59.429root 11241100x80000000000000002052362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:59.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd1bc580c2ffa2bb2022-02-14 10:57:59.430root 11241100x80000000000000002052363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:59.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.136f73b32031fd722022-02-14 10:57:59.430root 11241100x80000000000000002052364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:59.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86977354a2621bd62022-02-14 10:57:59.430root 11241100x80000000000000002052365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:59.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef96e1674dbb6cea2022-02-14 10:57:59.430root 11241100x80000000000000002052366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:59.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.485d8ce6b27a512e2022-02-14 10:57:59.430root 11241100x80000000000000002052367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:59.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfa5aca7d2afa9892022-02-14 10:57:59.930root 11241100x80000000000000002052368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:59.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.510d51f28a48f26c2022-02-14 10:57:59.930root 11241100x80000000000000002052369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:59.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4bdc2edf152173f2022-02-14 10:57:59.930root 11241100x80000000000000002052370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:59.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7bbf0db17cbeee02022-02-14 10:57:59.931root 11241100x80000000000000002052371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:59.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f625a2c4c486fd372022-02-14 10:57:59.931root 11241100x80000000000000002052372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:57:59.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.889a1d962192d3402022-02-14 10:57:59.931root 11241100x80000000000000002052373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:00.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e422ad2659d712a2022-02-14 10:58:00.430root 11241100x80000000000000002052374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:00.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4ee80ef80d091632022-02-14 10:58:00.430root 11241100x80000000000000002052375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:00.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2564ee45414dff4f2022-02-14 10:58:00.430root 11241100x80000000000000002052376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:00.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.666e33635ea1be7b2022-02-14 10:58:00.431root 11241100x80000000000000002052377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:00.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca74c143f691fe8d2022-02-14 10:58:00.431root 11241100x80000000000000002052378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:00.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0daf7329f820e672022-02-14 10:58:00.431root 11241100x80000000000000002052379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:00.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a08f4c057529764a2022-02-14 10:58:00.930root 11241100x80000000000000002052380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:00.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d82d00fce4fdaa482022-02-14 10:58:00.930root 11241100x80000000000000002052381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:00.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f31a205218b07b92022-02-14 10:58:00.931root 11241100x80000000000000002052382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:00.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31055e3ec0b8bda92022-02-14 10:58:00.931root 11241100x80000000000000002052383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:00.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0c94c22ba0c82d62022-02-14 10:58:00.931root 11241100x80000000000000002052384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:00.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c88fa28d7f7a64032022-02-14 10:58:00.931root 354300x80000000000000002052385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:01.142{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54718-false10.0.1.12-8000- 11241100x80000000000000002052386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:01.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb93a05cb07698262022-02-14 10:58:01.430root 11241100x80000000000000002052387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:01.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f35b412cf3719032022-02-14 10:58:01.430root 11241100x80000000000000002052388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:01.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eec483913001c6b22022-02-14 10:58:01.430root 11241100x80000000000000002052389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:01.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cab876a0abea77a2022-02-14 10:58:01.430root 11241100x80000000000000002052390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:01.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0e840c4c667253e2022-02-14 10:58:01.430root 11241100x80000000000000002052391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:01.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdb1ec6c87996ab32022-02-14 10:58:01.430root 11241100x80000000000000002052392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:01.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c76b05d47aeb44e2022-02-14 10:58:01.430root 11241100x80000000000000002052393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:01.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a41d4650778d744e2022-02-14 10:58:01.930root 11241100x80000000000000002052394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:01.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbb3ee79a7a45fea2022-02-14 10:58:01.930root 11241100x80000000000000002052395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:01.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0819204c896e2f952022-02-14 10:58:01.930root 11241100x80000000000000002052396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:01.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bec3d0be9b7ff9c92022-02-14 10:58:01.930root 11241100x80000000000000002052397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:01.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5c438b53421f8ac2022-02-14 10:58:01.931root 11241100x80000000000000002052398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:01.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12e10b8a5b8f47182022-02-14 10:58:01.931root 11241100x80000000000000002052399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:01.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ed653803066d4ed2022-02-14 10:58:01.931root 11241100x80000000000000002052400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:02.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b692a243dced53422022-02-14 10:58:02.430root 11241100x80000000000000002052401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:02.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccece6cf39bb22262022-02-14 10:58:02.430root 11241100x80000000000000002052402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:02.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a53e60f0fa8288d2022-02-14 10:58:02.430root 11241100x80000000000000002052403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:02.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e61ee817e35043e52022-02-14 10:58:02.430root 11241100x80000000000000002052404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:02.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f881ecfb1d4b0fce2022-02-14 10:58:02.430root 11241100x80000000000000002052405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:02.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb63820b6b99cf262022-02-14 10:58:02.430root 11241100x80000000000000002052406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:02.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.392c8bb967bee49b2022-02-14 10:58:02.430root 11241100x80000000000000002052407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:02.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62fb10f299f2737a2022-02-14 10:58:02.930root 11241100x80000000000000002052408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:02.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28ce5356b82231ec2022-02-14 10:58:02.930root 11241100x80000000000000002052409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:02.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86f88757b51ff7f82022-02-14 10:58:02.930root 11241100x80000000000000002052410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:02.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7ab585e1603e0102022-02-14 10:58:02.930root 11241100x80000000000000002052411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:02.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18813b7730ab94342022-02-14 10:58:02.930root 11241100x80000000000000002052412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:02.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adbf27711aba645e2022-02-14 10:58:02.930root 11241100x80000000000000002052413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:02.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c54f96c0a0f1b822022-02-14 10:58:02.930root 11241100x80000000000000002052414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:03.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f18c97e2684847ae2022-02-14 10:58:03.430root 11241100x80000000000000002052415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:03.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a68c367d18fb33b62022-02-14 10:58:03.430root 11241100x80000000000000002052416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:03.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3570d1bc867bbc52022-02-14 10:58:03.430root 11241100x80000000000000002052417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:03.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbe319425aada5ee2022-02-14 10:58:03.430root 11241100x80000000000000002052418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:03.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a90dcd558c89bdc2022-02-14 10:58:03.430root 11241100x80000000000000002052419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:03.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00152b56ef0187382022-02-14 10:58:03.430root 11241100x80000000000000002052420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:03.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd9f6974c47bd1302022-02-14 10:58:03.430root 11241100x80000000000000002052421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:03.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80d06113de1e49e32022-02-14 10:58:03.930root 11241100x80000000000000002052422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:03.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2a0c4704d0e46af2022-02-14 10:58:03.930root 11241100x80000000000000002052423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:03.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32244658dfa8ed652022-02-14 10:58:03.930root 11241100x80000000000000002052424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:03.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d18bc1fb2142b512022-02-14 10:58:03.930root 11241100x80000000000000002052425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:03.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d860bef981378772022-02-14 10:58:03.930root 11241100x80000000000000002052426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:03.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9ca3341fab968b92022-02-14 10:58:03.930root 11241100x80000000000000002052427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:03.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2205e65384a5b5d2022-02-14 10:58:03.930root 11241100x80000000000000002052428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:04.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70381453d78a987d2022-02-14 10:58:04.430root 11241100x80000000000000002052429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:04.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2e766804601cadf2022-02-14 10:58:04.430root 11241100x80000000000000002052430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:04.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4d44d84bcda27672022-02-14 10:58:04.430root 11241100x80000000000000002052431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:04.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdd6c9ce66ca02482022-02-14 10:58:04.430root 11241100x80000000000000002052432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:04.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.135b0617681036fb2022-02-14 10:58:04.430root 11241100x80000000000000002052433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:04.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5bc4ffb1ee074662022-02-14 10:58:04.430root 11241100x80000000000000002052434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:04.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc61b40035d27d542022-02-14 10:58:04.430root 11241100x80000000000000002052435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:04.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ec89124cf7e45292022-02-14 10:58:04.930root 11241100x80000000000000002052436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:04.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6da0a713c44a9d5b2022-02-14 10:58:04.930root 11241100x80000000000000002052437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:04.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94cf71e4a92931de2022-02-14 10:58:04.930root 11241100x80000000000000002052438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:04.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ab45019d72bc3e32022-02-14 10:58:04.930root 11241100x80000000000000002052439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:04.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0efbaee7e14fe43a2022-02-14 10:58:04.930root 11241100x80000000000000002052440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:04.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.051785218c425f062022-02-14 10:58:04.930root 11241100x80000000000000002052441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:04.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bc32288bdb586542022-02-14 10:58:04.930root 11241100x80000000000000002052442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:05.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ddfd4c4e8c1d76d2022-02-14 10:58:05.430root 11241100x80000000000000002052443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:05.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb55b4bd305696532022-02-14 10:58:05.430root 11241100x80000000000000002052444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:05.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a90750fe6a3370f2022-02-14 10:58:05.430root 11241100x80000000000000002052445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:05.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f439f4b8c6d075fd2022-02-14 10:58:05.430root 11241100x80000000000000002052446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:05.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c010f7d0c9c17812022-02-14 10:58:05.430root 11241100x80000000000000002052447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:05.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ffc8390f101dc302022-02-14 10:58:05.430root 11241100x80000000000000002052448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:05.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7611869d133013b2022-02-14 10:58:05.430root 11241100x80000000000000002052449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:05.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf484ee0e1a8aec52022-02-14 10:58:05.930root 11241100x80000000000000002052450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:05.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2a02333b48377b22022-02-14 10:58:05.930root 11241100x80000000000000002052451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:05.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.789a30a5d7adf5302022-02-14 10:58:05.930root 11241100x80000000000000002052452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:05.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9210e001e03f41d2022-02-14 10:58:05.930root 11241100x80000000000000002052453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:05.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee13dc999c7d3b0d2022-02-14 10:58:05.930root 11241100x80000000000000002052454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:05.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2d86a4ccff15f642022-02-14 10:58:05.930root 11241100x80000000000000002052455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:05.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4718c77e019088772022-02-14 10:58:05.930root 354300x80000000000000002052456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:06.248{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54720-false10.0.1.12-8000- 11241100x80000000000000002052457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:06.249{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33a993294874da922022-02-14 10:58:06.249root 11241100x80000000000000002052458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:06.249{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d585ab1d7ece41e2022-02-14 10:58:06.249root 11241100x80000000000000002052459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:06.249{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b3eb7467347a9582022-02-14 10:58:06.249root 11241100x80000000000000002052460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:06.250{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4dfb1065b004d6c2022-02-14 10:58:06.250root 11241100x80000000000000002052461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:06.250{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9357e884653ca002022-02-14 10:58:06.250root 11241100x80000000000000002052462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:06.250{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bd1b1c988451f462022-02-14 10:58:06.250root 11241100x80000000000000002052463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:06.250{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.434529d9141c28802022-02-14 10:58:06.250root 11241100x80000000000000002052464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:06.250{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9f4a513a24dc4932022-02-14 10:58:06.250root 11241100x80000000000000002052465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:06.679{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33e46f4ed22dac292022-02-14 10:58:06.679root 11241100x80000000000000002052466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:06.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab4c0557f24020cb2022-02-14 10:58:06.680root 11241100x80000000000000002052467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:06.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6912168717e3d6302022-02-14 10:58:06.680root 11241100x80000000000000002052468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:06.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e918f989e8b36eab2022-02-14 10:58:06.680root 11241100x80000000000000002052469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:06.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb498640418ca0b32022-02-14 10:58:06.680root 11241100x80000000000000002052470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:06.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23daae9c8fd06fe12022-02-14 10:58:06.680root 11241100x80000000000000002052471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:06.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c5b3c604f5060af2022-02-14 10:58:06.680root 11241100x80000000000000002052472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:06.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e33e86b823f3332e2022-02-14 10:58:06.680root 11241100x80000000000000002052473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:07.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85de40bf860b10dc2022-02-14 10:58:07.180root 11241100x80000000000000002052474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:07.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d024828764c100a2022-02-14 10:58:07.180root 11241100x80000000000000002052475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:07.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b97abfba592f5f802022-02-14 10:58:07.180root 11241100x80000000000000002052476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:07.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b5319cf98b5ef042022-02-14 10:58:07.180root 11241100x80000000000000002052477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:07.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32158596fdf1e81e2022-02-14 10:58:07.180root 11241100x80000000000000002052478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:07.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.744fbfce54c7737c2022-02-14 10:58:07.180root 11241100x80000000000000002052479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:07.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d77d5207d91da54e2022-02-14 10:58:07.180root 11241100x80000000000000002052480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:07.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2436437cc6a935932022-02-14 10:58:07.180root 11241100x80000000000000002052481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:07.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b47dfd844bd2c6612022-02-14 10:58:07.680root 11241100x80000000000000002052482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:07.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7de63b87c74a586f2022-02-14 10:58:07.680root 11241100x80000000000000002052483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:07.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.703c8504a21e54502022-02-14 10:58:07.680root 11241100x80000000000000002052484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:07.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f807ddc44a622d22022-02-14 10:58:07.680root 11241100x80000000000000002052485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:07.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47263d9716229ccf2022-02-14 10:58:07.680root 11241100x80000000000000002052486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:07.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.195464d06acfe9a12022-02-14 10:58:07.680root 11241100x80000000000000002052487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:07.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c67b507e3e900a32022-02-14 10:58:07.680root 11241100x80000000000000002052488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:07.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c5094519dcc5ce52022-02-14 10:58:07.680root 11241100x80000000000000002052489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:08.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d725ffce62bd04ea2022-02-14 10:58:08.180root 11241100x80000000000000002052490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:08.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.410508431dacc7442022-02-14 10:58:08.180root 11241100x80000000000000002052491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:08.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ee72bbd472729b92022-02-14 10:58:08.180root 11241100x80000000000000002052492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:08.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba68f3b0b4af58042022-02-14 10:58:08.180root 11241100x80000000000000002052493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:08.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ca0a206509438ff2022-02-14 10:58:08.180root 11241100x80000000000000002052494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:08.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12eb4ec21f6b88492022-02-14 10:58:08.180root 11241100x80000000000000002052495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:08.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a99945a6880a09d2022-02-14 10:58:08.180root 11241100x80000000000000002052496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:08.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c754510b06606d332022-02-14 10:58:08.180root 11241100x80000000000000002052497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:08.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63b647f5d8b2e26a2022-02-14 10:58:08.680root 11241100x80000000000000002052498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:08.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aca2fc41d8eeca442022-02-14 10:58:08.680root 11241100x80000000000000002052499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:08.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69f944f9bc5b8b462022-02-14 10:58:08.680root 11241100x80000000000000002052500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:08.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.588d2b4001683ddc2022-02-14 10:58:08.680root 11241100x80000000000000002052501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:08.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aa3b0138bc5dee72022-02-14 10:58:08.680root 11241100x80000000000000002052502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:08.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f62cb27b8ac2c1d2022-02-14 10:58:08.680root 11241100x80000000000000002052503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:08.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73b7bad74ae8e96f2022-02-14 10:58:08.680root 11241100x80000000000000002052504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:08.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a486ebf7fb70b5d42022-02-14 10:58:08.680root 11241100x80000000000000002052505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:09.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaab2fd80a849d632022-02-14 10:58:09.180root 11241100x80000000000000002052506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:09.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b988be622dd711b2022-02-14 10:58:09.180root 11241100x80000000000000002052507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:09.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19016dadd4db23782022-02-14 10:58:09.180root 11241100x80000000000000002052508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:09.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1ad96a66bcc86d12022-02-14 10:58:09.180root 11241100x80000000000000002052509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:09.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.758db2ccf1e204252022-02-14 10:58:09.180root 11241100x80000000000000002052510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:09.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9d5d53650a134132022-02-14 10:58:09.180root 11241100x80000000000000002052511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:09.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08627abe5192411b2022-02-14 10:58:09.180root 11241100x80000000000000002052512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:09.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f4a9120de7e89ef2022-02-14 10:58:09.180root 11241100x80000000000000002052513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:09.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bbafd2b90f2a9ed2022-02-14 10:58:09.680root 11241100x80000000000000002052514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:09.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71a28f89c68b4ac62022-02-14 10:58:09.680root 11241100x80000000000000002052515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:09.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fa6aa0e1c3745ab2022-02-14 10:58:09.680root 11241100x80000000000000002052516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:09.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2036e130f4697722022-02-14 10:58:09.680root 11241100x80000000000000002052517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:09.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cd73ccebd3249032022-02-14 10:58:09.680root 11241100x80000000000000002052518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:09.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30580d974eeb8fbd2022-02-14 10:58:09.680root 11241100x80000000000000002052519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:09.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e56c202626bfbd492022-02-14 10:58:09.680root 11241100x80000000000000002052520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:09.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77a6cf7d885c23be2022-02-14 10:58:09.680root 11241100x80000000000000002052521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:10.015{ec2ab09f-1002-620a-3078-922c7d550000}1328/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2022-02-14 10:58:10.015root 11241100x80000000000000002052522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:10.016{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97a9b3e0c4d9eae92022-02-14 10:58:10.016root 11241100x80000000000000002052523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:10.016{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a67949f5b46722eb2022-02-14 10:58:10.016root 11241100x80000000000000002052524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:10.016{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ab54ee4d5ca161a2022-02-14 10:58:10.016root 11241100x80000000000000002052525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:10.016{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62eff072bacf10632022-02-14 10:58:10.016root 11241100x80000000000000002052526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:10.016{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf58af02f39b18442022-02-14 10:58:10.016root 11241100x80000000000000002052527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:10.016{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.629e2808433ecd2c2022-02-14 10:58:10.016root 11241100x80000000000000002052528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:10.016{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.894455dbe4cc1e822022-02-14 10:58:10.016root 11241100x80000000000000002052529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:10.016{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.637b85fbcd1ff2a82022-02-14 10:58:10.016root 11241100x80000000000000002052530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:10.017{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df25b5c7b16c43b42022-02-14 10:58:10.017root 11241100x80000000000000002052531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:10.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a26f38491fb1fd462022-02-14 10:58:10.430root 11241100x80000000000000002052532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:10.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea585c9b148331672022-02-14 10:58:10.430root 11241100x80000000000000002052533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:10.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53c7ae680943c1892022-02-14 10:58:10.430root 11241100x80000000000000002052534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:10.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b200a6e09795efc32022-02-14 10:58:10.430root 11241100x80000000000000002052535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:10.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afd24d966dd066852022-02-14 10:58:10.430root 11241100x80000000000000002052536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:10.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4584a6cf720aa70c2022-02-14 10:58:10.430root 11241100x80000000000000002052537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:10.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e380de30c1f78f4e2022-02-14 10:58:10.430root 11241100x80000000000000002052538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:10.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79951ed557e433ac2022-02-14 10:58:10.430root 11241100x80000000000000002052539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:10.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6264f8b08ae31e0a2022-02-14 10:58:10.430root 11241100x80000000000000002052540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:10.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e686d7bed26416db2022-02-14 10:58:10.930root 11241100x80000000000000002052541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:10.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0224e3e81ad698c32022-02-14 10:58:10.930root 11241100x80000000000000002052542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:10.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.817f5bf29f6480702022-02-14 10:58:10.930root 11241100x80000000000000002052543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:10.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd64314abe5b03492022-02-14 10:58:10.930root 11241100x80000000000000002052544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:10.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e627cd7fbb2009652022-02-14 10:58:10.930root 11241100x80000000000000002052545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:10.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.969bd928b2dd3e292022-02-14 10:58:10.930root 11241100x80000000000000002052546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:10.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ae8c2d2b027d7492022-02-14 10:58:10.930root 11241100x80000000000000002052547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:10.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc21503708e828f92022-02-14 10:58:10.930root 11241100x80000000000000002052548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:10.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a267112b4e02c8122022-02-14 10:58:10.930root 354300x80000000000000002052549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:11.094{ec2ab09f-1002-620a-3078-922c7d550000}1328/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.20-58210-false10.0.1.12-8089- 11241100x80000000000000002052550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:11.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a598dcf12a4424b2022-02-14 10:58:11.430root 11241100x80000000000000002052551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:11.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4e830bd1bf297f32022-02-14 10:58:11.430root 11241100x80000000000000002052552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:11.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29d878395a5ee4892022-02-14 10:58:11.430root 11241100x80000000000000002052553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:11.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47c84a1289745fd72022-02-14 10:58:11.430root 11241100x80000000000000002052554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:11.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d877d7580a7828292022-02-14 10:58:11.430root 11241100x80000000000000002052555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:11.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5993252b3db825f2022-02-14 10:58:11.430root 11241100x80000000000000002052556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:11.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db3db32bf955101b2022-02-14 10:58:11.430root 11241100x80000000000000002052557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:11.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96a2f28ce38ee3d92022-02-14 10:58:11.430root 11241100x80000000000000002052558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:11.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8aac0fa4baad86d2022-02-14 10:58:11.430root 11241100x80000000000000002052559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:11.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.495b842cef90ef532022-02-14 10:58:11.431root 11241100x80000000000000002052560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:11.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68d83625b46909952022-02-14 10:58:11.930root 11241100x80000000000000002052561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:11.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.129b5e7cfb8434b42022-02-14 10:58:11.930root 11241100x80000000000000002052562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:11.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9651f42b2cc55e72022-02-14 10:58:11.930root 11241100x80000000000000002052563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:11.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e7e49ee2362d9962022-02-14 10:58:11.930root 11241100x80000000000000002052564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:11.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef0b5e247ee6e5352022-02-14 10:58:11.930root 11241100x80000000000000002052565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:11.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.123c92e9d2a034ee2022-02-14 10:58:11.930root 11241100x80000000000000002052566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:11.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10e2c73273898a7b2022-02-14 10:58:11.930root 11241100x80000000000000002052567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:11.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c787c95281b49d42022-02-14 10:58:11.933root 11241100x80000000000000002052568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:11.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.147ef5860b40db252022-02-14 10:58:11.933root 11241100x80000000000000002052569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:11.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.377efef0c3ce5bba2022-02-14 10:58:11.933root 354300x80000000000000002052570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:12.076{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54724-false10.0.1.12-8000- 11241100x80000000000000002052571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:12.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bcab03a6cfcd7192022-02-14 10:58:12.430root 11241100x80000000000000002052572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:12.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d290eae552ec0642022-02-14 10:58:12.430root 11241100x80000000000000002052573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:12.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e97da80c6506c4bf2022-02-14 10:58:12.430root 11241100x80000000000000002052574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:12.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b8e1b23c2bb3f6f2022-02-14 10:58:12.431root 11241100x80000000000000002052575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:12.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.208778c522fa586a2022-02-14 10:58:12.431root 11241100x80000000000000002052576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:12.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.070f35aecac267a42022-02-14 10:58:12.431root 11241100x80000000000000002052577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:12.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.198786111dc44fcd2022-02-14 10:58:12.431root 11241100x80000000000000002052578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:12.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a728bd968a29f3b32022-02-14 10:58:12.431root 11241100x80000000000000002052579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:12.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7bccb853afccfb02022-02-14 10:58:12.431root 11241100x80000000000000002052580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:12.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ea27b27a9b01e602022-02-14 10:58:12.432root 11241100x80000000000000002052581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:12.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6e5650ac48dd76a2022-02-14 10:58:12.432root 11241100x80000000000000002052582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:12.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.787831a0da6d7cbc2022-02-14 10:58:12.930root 11241100x80000000000000002052583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:12.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.713275bedec874db2022-02-14 10:58:12.930root 11241100x80000000000000002052584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:12.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcde31ef8730ef0c2022-02-14 10:58:12.931root 11241100x80000000000000002052585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:12.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95204499863dfd8e2022-02-14 10:58:12.931root 11241100x80000000000000002052586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:12.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8656507d68ea85bc2022-02-14 10:58:12.931root 11241100x80000000000000002052587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:12.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3b37a5677bf5e632022-02-14 10:58:12.931root 11241100x80000000000000002052588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:12.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceec38662383d4092022-02-14 10:58:12.932root 11241100x80000000000000002052589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:12.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfde047842b0de032022-02-14 10:58:12.932root 11241100x80000000000000002052590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:12.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.add54fe91f4329772022-02-14 10:58:12.932root 11241100x80000000000000002052591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:12.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95dfb7e12a5800132022-02-14 10:58:12.932root 11241100x80000000000000002052592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:12.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd99503525c2d8c52022-02-14 10:58:12.932root 23542300x80000000000000002052593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:13.012{ec2ab09f-1002-620a-3078-922c7d550000}1328root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x80000000000000002052594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:13.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83e298581a7879ae2022-02-14 10:58:13.430root 11241100x80000000000000002052595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:13.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e1556306f77ad2c2022-02-14 10:58:13.430root 11241100x80000000000000002052596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:13.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ff7a2b5aee31a462022-02-14 10:58:13.430root 11241100x80000000000000002052597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:13.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fc5abf8d52f85bf2022-02-14 10:58:13.431root 11241100x80000000000000002052598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:13.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05a563491455d33b2022-02-14 10:58:13.431root 11241100x80000000000000002052599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:13.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae6f43deb59ab1c32022-02-14 10:58:13.431root 11241100x80000000000000002052600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:13.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d882b55caa28b1c2022-02-14 10:58:13.431root 11241100x80000000000000002052601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:13.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cbaf99dbf9f253f2022-02-14 10:58:13.431root 11241100x80000000000000002052602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:13.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77171ea3df1676af2022-02-14 10:58:13.431root 11241100x80000000000000002052603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:13.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9075bb09ead1f9d22022-02-14 10:58:13.431root 11241100x80000000000000002052604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:13.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.896e18dde57bcc762022-02-14 10:58:13.431root 11241100x80000000000000002052605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:13.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff67e456b1c3004c2022-02-14 10:58:13.431root 11241100x80000000000000002052606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:13.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ae7362aec5482dd2022-02-14 10:58:13.930root 11241100x80000000000000002052607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:13.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ef555e6f5f3600b2022-02-14 10:58:13.930root 11241100x80000000000000002052608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:13.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1564ce24a962985d2022-02-14 10:58:13.930root 11241100x80000000000000002052609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:13.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6726361d459ac3912022-02-14 10:58:13.930root 11241100x80000000000000002052610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:13.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb0de8e0b26262f22022-02-14 10:58:13.931root 11241100x80000000000000002052611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:13.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.118a3db4bd8fc9212022-02-14 10:58:13.931root 11241100x80000000000000002052612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:13.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fcc00bdd92f51192022-02-14 10:58:13.931root 11241100x80000000000000002052613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:13.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ae4cebd35ba9bda2022-02-14 10:58:13.931root 11241100x80000000000000002052614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:13.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ba761df2d5773c12022-02-14 10:58:13.931root 11241100x80000000000000002052615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:13.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37406191e8f470c42022-02-14 10:58:13.931root 11241100x80000000000000002052616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:13.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e11fba3964ab7d4d2022-02-14 10:58:13.932root 11241100x80000000000000002052617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:13.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8b39fbb39f19dba2022-02-14 10:58:13.932root 11241100x80000000000000002052618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:14.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b87b9b2582c50ae82022-02-14 10:58:14.430root 11241100x80000000000000002052619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:14.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4a8a6adf0d4e81d2022-02-14 10:58:14.430root 11241100x80000000000000002052620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:14.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae38c154645e5a0d2022-02-14 10:58:14.430root 11241100x80000000000000002052621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:14.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de0eafc92ecca5352022-02-14 10:58:14.430root 11241100x80000000000000002052622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:14.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0d77ad3abf0c8a92022-02-14 10:58:14.430root 11241100x80000000000000002052623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:14.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73a1dbbb1e1ef40f2022-02-14 10:58:14.431root 11241100x80000000000000002052624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:14.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2f1ea79a0a158d52022-02-14 10:58:14.431root 11241100x80000000000000002052625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:14.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56b26d2aca9972aa2022-02-14 10:58:14.431root 11241100x80000000000000002052626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:14.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34f1005651fe24c32022-02-14 10:58:14.431root 11241100x80000000000000002052627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:14.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed59bcfd2f1054372022-02-14 10:58:14.431root 11241100x80000000000000002052628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:14.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b04704469a1bc292022-02-14 10:58:14.431root 11241100x80000000000000002052629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:14.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d028ae164490c54e2022-02-14 10:58:14.431root 11241100x80000000000000002052630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:14.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bd8128f66ac7cbb2022-02-14 10:58:14.930root 11241100x80000000000000002052631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:14.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.435724adf63273d52022-02-14 10:58:14.930root 11241100x80000000000000002052632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:14.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cebffe830b43aae92022-02-14 10:58:14.930root 11241100x80000000000000002052633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:14.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b044adb621e524ac2022-02-14 10:58:14.930root 11241100x80000000000000002052634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:14.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3f53f012ef898802022-02-14 10:58:14.930root 11241100x80000000000000002052635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:14.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e4cc3650faa68062022-02-14 10:58:14.930root 11241100x80000000000000002052636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:14.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa25c1d880cc683d2022-02-14 10:58:14.930root 11241100x80000000000000002052637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:14.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.367caabcca14ec362022-02-14 10:58:14.931root 11241100x80000000000000002052638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:14.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47b940e4c8335f0b2022-02-14 10:58:14.931root 11241100x80000000000000002052639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:14.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84621bebce65b2a22022-02-14 10:58:14.931root 11241100x80000000000000002052640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:14.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aeb5192c63fd85d2022-02-14 10:58:14.931root 11241100x80000000000000002052641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:14.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70c094cdb8ce2f0f2022-02-14 10:58:14.931root 11241100x80000000000000002052642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:15.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1967f4fa21118142022-02-14 10:58:15.430root 11241100x80000000000000002052643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:15.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7255471ec12c334e2022-02-14 10:58:15.430root 11241100x80000000000000002052644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:15.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c274310432c46f72022-02-14 10:58:15.430root 11241100x80000000000000002052645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:15.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffb154db6cb7d4732022-02-14 10:58:15.430root 11241100x80000000000000002052646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:15.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb227aa1a7a953e52022-02-14 10:58:15.430root 11241100x80000000000000002052647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:15.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4eb1f4c3e7da2aa2022-02-14 10:58:15.430root 11241100x80000000000000002052648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:15.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b770279479e537292022-02-14 10:58:15.430root 11241100x80000000000000002052649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:15.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0e83ea8bc0cf5cd2022-02-14 10:58:15.430root 11241100x80000000000000002052650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:15.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87a62f3fbd9a844f2022-02-14 10:58:15.431root 11241100x80000000000000002052651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:15.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f38e5c7427e089972022-02-14 10:58:15.431root 11241100x80000000000000002052652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:15.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce1fd5d97a1a3fde2022-02-14 10:58:15.431root 11241100x80000000000000002052653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:15.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26c0567db77ab6702022-02-14 10:58:15.431root 11241100x80000000000000002052654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:15.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.265bce341e0d0b272022-02-14 10:58:15.930root 11241100x80000000000000002052655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:15.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db80a662542beca42022-02-14 10:58:15.930root 11241100x80000000000000002052656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:15.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41abac106a4985a62022-02-14 10:58:15.930root 11241100x80000000000000002052657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:15.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ea5d862b7af02d42022-02-14 10:58:15.930root 11241100x80000000000000002052658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:15.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d21e139150ea9c5b2022-02-14 10:58:15.930root 11241100x80000000000000002052659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:15.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d1f831a04a486922022-02-14 10:58:15.930root 11241100x80000000000000002052660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:15.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.896c03143f10cfea2022-02-14 10:58:15.930root 11241100x80000000000000002052661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:15.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efa7054f03c4eb9c2022-02-14 10:58:15.930root 11241100x80000000000000002052662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:15.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37f526ab104666a02022-02-14 10:58:15.930root 11241100x80000000000000002052663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:15.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8de28256517c7182022-02-14 10:58:15.931root 11241100x80000000000000002052664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:15.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41891f17b0881d532022-02-14 10:58:15.931root 11241100x80000000000000002052665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:15.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53ed9e09f4cfd68e2022-02-14 10:58:15.931root 11241100x80000000000000002052666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:16.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4ef0e8b4612f45c2022-02-14 10:58:16.430root 11241100x80000000000000002052667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:16.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ce36b743cf2ea742022-02-14 10:58:16.430root 11241100x80000000000000002052668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:16.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83d05ef008e448622022-02-14 10:58:16.430root 11241100x80000000000000002052669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:16.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63b4e3da3cdded6c2022-02-14 10:58:16.430root 11241100x80000000000000002052670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:16.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e9e098f56f4fe222022-02-14 10:58:16.430root 11241100x80000000000000002052671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:16.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.326d50ec34beb62a2022-02-14 10:58:16.430root 11241100x80000000000000002052672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:16.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d21f53d032311acc2022-02-14 10:58:16.431root 11241100x80000000000000002052673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:16.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fba8d1c7a60278e2022-02-14 10:58:16.431root 11241100x80000000000000002052674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:16.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a1a65fae25794f72022-02-14 10:58:16.431root 11241100x80000000000000002052675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:16.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69a704e9775dc7702022-02-14 10:58:16.431root 11241100x80000000000000002052676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:16.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0cdf465e5b2952a2022-02-14 10:58:16.431root 11241100x80000000000000002052677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:16.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32f539aebc7cf7662022-02-14 10:58:16.431root 11241100x80000000000000002052678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:16.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b69ce709b2203a92022-02-14 10:58:16.930root 11241100x80000000000000002052679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:16.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53965c5e9646ef432022-02-14 10:58:16.930root 11241100x80000000000000002052680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:16.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85bfc7d02127f7e72022-02-14 10:58:16.930root 11241100x80000000000000002052681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:16.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dc5df814834472c2022-02-14 10:58:16.930root 11241100x80000000000000002052682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:16.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2b48f33fd6fa9d52022-02-14 10:58:16.930root 11241100x80000000000000002052683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:16.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e3bedeabaffac0c2022-02-14 10:58:16.930root 11241100x80000000000000002052684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:16.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d644edd9a55c35e62022-02-14 10:58:16.930root 11241100x80000000000000002052685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:16.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2649dd5a5351ff212022-02-14 10:58:16.930root 11241100x80000000000000002052686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:16.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.892039f765ad59f42022-02-14 10:58:16.930root 11241100x80000000000000002052687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:16.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b513b698f4e824632022-02-14 10:58:16.931root 11241100x80000000000000002052688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:16.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1ffe52a5c907c792022-02-14 10:58:16.931root 11241100x80000000000000002052689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:16.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.311328107222952b2022-02-14 10:58:16.931root 11241100x80000000000000002052690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:17.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8c11d2ef4848d8e2022-02-14 10:58:17.430root 11241100x80000000000000002052691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:17.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84cdedf32604c94f2022-02-14 10:58:17.430root 11241100x80000000000000002052692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:17.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25030bcfa8488aa22022-02-14 10:58:17.430root 11241100x80000000000000002052693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:17.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd56129c917848642022-02-14 10:58:17.430root 11241100x80000000000000002052694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:17.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd5e3a8bdb12dfcd2022-02-14 10:58:17.431root 11241100x80000000000000002052695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:17.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.250557e9e2c56dde2022-02-14 10:58:17.431root 11241100x80000000000000002052696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:17.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80194ff76432238a2022-02-14 10:58:17.431root 11241100x80000000000000002052697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:17.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10697b02f13656ef2022-02-14 10:58:17.431root 11241100x80000000000000002052698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:17.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b353362f359e6adb2022-02-14 10:58:17.431root 11241100x80000000000000002052699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:17.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2677cf72bb4ac8fa2022-02-14 10:58:17.431root 11241100x80000000000000002052700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:17.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5aef88e59a082dc2022-02-14 10:58:17.432root 11241100x80000000000000002052701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:17.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74f3cf4685d5f83c2022-02-14 10:58:17.432root 11241100x80000000000000002052702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:17.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c810d0c4dc508be32022-02-14 10:58:17.930root 11241100x80000000000000002052703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:17.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f393916c3ca893182022-02-14 10:58:17.930root 11241100x80000000000000002052704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:17.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38731c52b543c19d2022-02-14 10:58:17.930root 11241100x80000000000000002052705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:17.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44907129e73b78012022-02-14 10:58:17.930root 11241100x80000000000000002052706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:17.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8e0fa51782e3bfb2022-02-14 10:58:17.930root 11241100x80000000000000002052707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:17.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ddfadb66beeb9742022-02-14 10:58:17.930root 11241100x80000000000000002052708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:17.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6fe5bbcb37ffeae2022-02-14 10:58:17.930root 11241100x80000000000000002052709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:17.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.482ff531236460022022-02-14 10:58:17.930root 11241100x80000000000000002052710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:17.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83c18fd2a49831472022-02-14 10:58:17.930root 11241100x80000000000000002052711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:17.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e965f2321e273982022-02-14 10:58:17.931root 11241100x80000000000000002052712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:17.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58475cbeb2e9321f2022-02-14 10:58:17.931root 11241100x80000000000000002052713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:17.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07f3216cc28a065c2022-02-14 10:58:17.931root 354300x80000000000000002052714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:18.070{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54726-false10.0.1.12-8000- 11241100x80000000000000002052715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:18.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f49746661a084632022-02-14 10:58:18.430root 11241100x80000000000000002052716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:18.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27a9499525d0326d2022-02-14 10:58:18.430root 11241100x80000000000000002052717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:18.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0adae266b59e30b2022-02-14 10:58:18.430root 11241100x80000000000000002052718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:18.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9165982feb0e60af2022-02-14 10:58:18.430root 11241100x80000000000000002052719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:18.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44a8a00ffda8d9152022-02-14 10:58:18.430root 11241100x80000000000000002052720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:18.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2a51222de7a91652022-02-14 10:58:18.430root 11241100x80000000000000002052721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:18.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4b8a7d72d63ab5a2022-02-14 10:58:18.430root 11241100x80000000000000002052722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:18.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0829d86660209d962022-02-14 10:58:18.431root 11241100x80000000000000002052723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:18.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a693f3ada815dd262022-02-14 10:58:18.431root 11241100x80000000000000002052724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:18.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.096838ef5cf0c1822022-02-14 10:58:18.431root 11241100x80000000000000002052725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:18.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7607e2e89f42fdb42022-02-14 10:58:18.431root 11241100x80000000000000002052726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:18.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c49a808c8d49a8e72022-02-14 10:58:18.431root 11241100x80000000000000002052727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:18.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28d55633b1c332412022-02-14 10:58:18.431root 11241100x80000000000000002052728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:18.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1833accd92d63b282022-02-14 10:58:18.930root 11241100x80000000000000002052729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:18.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45d854137fead9992022-02-14 10:58:18.930root 11241100x80000000000000002052730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:18.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d08420748c00d5912022-02-14 10:58:18.930root 11241100x80000000000000002052731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:18.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7e8fd35c11d15722022-02-14 10:58:18.930root 11241100x80000000000000002052732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:18.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ff007e8a77ed8e22022-02-14 10:58:18.930root 11241100x80000000000000002052733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:18.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b24eab1a6a65573f2022-02-14 10:58:18.930root 11241100x80000000000000002052734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:18.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.282a9dcad12c26422022-02-14 10:58:18.930root 11241100x80000000000000002052735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:18.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8628ba016ed749532022-02-14 10:58:18.930root 11241100x80000000000000002052736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:18.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f99cf0690a9543a2022-02-14 10:58:18.931root 11241100x80000000000000002052737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:18.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1792e34d37f6a382022-02-14 10:58:18.931root 11241100x80000000000000002052738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:18.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf0369e50a3377c02022-02-14 10:58:18.931root 11241100x80000000000000002052739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:18.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3856e1a6d7bc5e82022-02-14 10:58:18.931root 11241100x80000000000000002052740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:18.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c52aa46825babb8a2022-02-14 10:58:18.931root 11241100x80000000000000002052741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:19.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5adf1ac2e1d949fa2022-02-14 10:58:19.430root 11241100x80000000000000002052742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:19.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95d27d03b828a9b22022-02-14 10:58:19.430root 11241100x80000000000000002052743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:19.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4abc4c295e03b9392022-02-14 10:58:19.431root 11241100x80000000000000002052744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:19.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a0fc5a296fafaa32022-02-14 10:58:19.431root 11241100x80000000000000002052745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:19.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71d3107058453fcc2022-02-14 10:58:19.431root 11241100x80000000000000002052746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:19.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.465b90f86b5fc84f2022-02-14 10:58:19.431root 11241100x80000000000000002052747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:19.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.292e889bd438cf502022-02-14 10:58:19.431root 11241100x80000000000000002052748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:19.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a35369b6f1ecf70d2022-02-14 10:58:19.432root 11241100x80000000000000002052749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:19.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57732e6061377e172022-02-14 10:58:19.432root 11241100x80000000000000002052750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:19.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2724bbba7f736e6c2022-02-14 10:58:19.432root 11241100x80000000000000002052751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:19.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.653045ecda388bb42022-02-14 10:58:19.432root 11241100x80000000000000002052752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:19.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.521c4f27d45adcfd2022-02-14 10:58:19.432root 11241100x80000000000000002052753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:19.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ea6023a4d76cef62022-02-14 10:58:19.432root 11241100x80000000000000002052754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:19.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fef754d910646d02022-02-14 10:58:19.930root 11241100x80000000000000002052755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:19.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db6e69607d03a6e12022-02-14 10:58:19.930root 11241100x80000000000000002052756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:19.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0198b4852e18d5972022-02-14 10:58:19.931root 11241100x80000000000000002052757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:19.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad2088d1783489532022-02-14 10:58:19.931root 11241100x80000000000000002052758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:19.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1358c1c246068c392022-02-14 10:58:19.931root 11241100x80000000000000002052759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:19.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ee4bf88231779bb2022-02-14 10:58:19.931root 11241100x80000000000000002052760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:19.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4350dc922578b6c42022-02-14 10:58:19.932root 11241100x80000000000000002052761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:19.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fb7f5180d68098e2022-02-14 10:58:19.932root 11241100x80000000000000002052762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:19.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ce45d6944b0f1442022-02-14 10:58:19.932root 11241100x80000000000000002052763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:19.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eedd07710499b1e72022-02-14 10:58:19.932root 11241100x80000000000000002052764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:19.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6cacbdee485d67e2022-02-14 10:58:19.933root 11241100x80000000000000002052765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:19.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b38a2a627a5ad162022-02-14 10:58:19.933root 11241100x80000000000000002052766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:19.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5520ad5b546fb2a2022-02-14 10:58:19.933root 11241100x80000000000000002052767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:20.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.588c52c787e381852022-02-14 10:58:20.430root 11241100x80000000000000002052768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:20.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb0529875066d0e52022-02-14 10:58:20.431root 11241100x80000000000000002052769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:20.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e86cb80bef0f8a532022-02-14 10:58:20.431root 11241100x80000000000000002052770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:20.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5faf93c9303f1c682022-02-14 10:58:20.431root 11241100x80000000000000002052771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:20.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc7c0fc22691fa992022-02-14 10:58:20.431root 11241100x80000000000000002052772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:20.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5e489b74fcfcca52022-02-14 10:58:20.431root 11241100x80000000000000002052773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:20.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fb6cec5884b0d592022-02-14 10:58:20.432root 11241100x80000000000000002052774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:20.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0e5466dba6a6ea32022-02-14 10:58:20.432root 11241100x80000000000000002052775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:20.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cc0a5c6886c26032022-02-14 10:58:20.432root 11241100x80000000000000002052776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:20.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a41ef8c5ff2c4d422022-02-14 10:58:20.432root 11241100x80000000000000002052777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:20.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.919fa9566c55fc252022-02-14 10:58:20.432root 11241100x80000000000000002052778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:20.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7f2702e04424d902022-02-14 10:58:20.433root 11241100x80000000000000002052779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:20.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2a3a4995ea0ff6b2022-02-14 10:58:20.433root 11241100x80000000000000002052780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:20.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c029e934f46f9362022-02-14 10:58:20.930root 11241100x80000000000000002052781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:20.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7190876cef99ea412022-02-14 10:58:20.930root 11241100x80000000000000002052782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:20.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b1c141e68c9bc372022-02-14 10:58:20.930root 11241100x80000000000000002052783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:20.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fefb97230f46eaa92022-02-14 10:58:20.931root 11241100x80000000000000002052784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:20.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72cfb27d7fcbb7562022-02-14 10:58:20.931root 11241100x80000000000000002052785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:20.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f788ddafb33136132022-02-14 10:58:20.931root 11241100x80000000000000002052786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:20.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92fd7313d739878e2022-02-14 10:58:20.931root 11241100x80000000000000002052787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:20.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.425cf48c0dd8b1be2022-02-14 10:58:20.931root 11241100x80000000000000002052788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:20.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5459bba815942ce22022-02-14 10:58:20.931root 11241100x80000000000000002052789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:20.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc42eece52752efb2022-02-14 10:58:20.932root 11241100x80000000000000002052790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:20.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fca9bc65bf0b87c72022-02-14 10:58:20.932root 11241100x80000000000000002052791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:20.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86129e5f5ebe2e562022-02-14 10:58:20.932root 11241100x80000000000000002052792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:20.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9d5cb7ae0d0a45f2022-02-14 10:58:20.932root 11241100x80000000000000002052793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:21.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.766317876a595dbf2022-02-14 10:58:21.431root 11241100x80000000000000002052794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:21.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.691c44d1940a1ac52022-02-14 10:58:21.431root 11241100x80000000000000002052795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:21.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2904921f630279722022-02-14 10:58:21.432root 11241100x80000000000000002052796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:21.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68687196aeb932512022-02-14 10:58:21.432root 11241100x80000000000000002052797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:21.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.962d6b9e5ae306312022-02-14 10:58:21.432root 11241100x80000000000000002052798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:21.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50e03705d5addc1d2022-02-14 10:58:21.432root 11241100x80000000000000002052799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:21.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a8c040e9d73e5b62022-02-14 10:58:21.432root 11241100x80000000000000002052800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:21.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13b3751f698338172022-02-14 10:58:21.433root 11241100x80000000000000002052801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:21.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.832eec440c3a1ace2022-02-14 10:58:21.433root 11241100x80000000000000002052802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:21.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46fef0cf438f85fe2022-02-14 10:58:21.433root 11241100x80000000000000002052803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:21.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2367abecc36951b72022-02-14 10:58:21.434root 11241100x80000000000000002052804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:21.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8e34663e94f42892022-02-14 10:58:21.434root 11241100x80000000000000002052805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:21.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d70595dc911d0742022-02-14 10:58:21.435root 11241100x80000000000000002052806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:21.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.005197960061c7b42022-02-14 10:58:21.930root 11241100x80000000000000002052807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:21.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a03028c914a13ab22022-02-14 10:58:21.930root 11241100x80000000000000002052808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:21.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4af4ead7c78660b52022-02-14 10:58:21.930root 11241100x80000000000000002052809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:21.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef6373f4153b08302022-02-14 10:58:21.930root 11241100x80000000000000002052810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:21.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e972e78181144e202022-02-14 10:58:21.930root 11241100x80000000000000002052811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:21.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ef80242781ad07e2022-02-14 10:58:21.930root 11241100x80000000000000002052812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:21.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2959e51c9a5aa9df2022-02-14 10:58:21.930root 11241100x80000000000000002052813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:21.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8195e66ded70445e2022-02-14 10:58:21.930root 11241100x80000000000000002052814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:21.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5d3ffbdc12ba2832022-02-14 10:58:21.931root 11241100x80000000000000002052815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:21.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0c05cacded8df852022-02-14 10:58:21.931root 11241100x80000000000000002052816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:21.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3063f25e6867eb3d2022-02-14 10:58:21.931root 11241100x80000000000000002052817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:21.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fccf742e4a7a7f8f2022-02-14 10:58:21.931root 11241100x80000000000000002052818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:21.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fd5aabfc4d0bd222022-02-14 10:58:21.931root 11241100x80000000000000002052819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:22.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b64418f9eaf1686f2022-02-14 10:58:22.430root 11241100x80000000000000002052820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:22.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cc31aabe14332052022-02-14 10:58:22.430root 11241100x80000000000000002052821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:22.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61e29a0effed3e332022-02-14 10:58:22.430root 11241100x80000000000000002052822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:22.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db78e58be98cfbc22022-02-14 10:58:22.430root 11241100x80000000000000002052823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:22.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3be6e30f8afd3da62022-02-14 10:58:22.430root 11241100x80000000000000002052824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:22.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e85af884b84fe0c22022-02-14 10:58:22.430root 11241100x80000000000000002052825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:22.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0785872ec148b112022-02-14 10:58:22.430root 11241100x80000000000000002052826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:22.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cab6fba4a1a071db2022-02-14 10:58:22.430root 11241100x80000000000000002052827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:22.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b710491bba3873732022-02-14 10:58:22.431root 11241100x80000000000000002052828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:22.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f19feb1901d5b662022-02-14 10:58:22.431root 11241100x80000000000000002052829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:22.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0d22567b8f7ed352022-02-14 10:58:22.431root 11241100x80000000000000002052830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:22.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.290c84b2f79fb47b2022-02-14 10:58:22.431root 11241100x80000000000000002052831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:22.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c86e3476b12b88602022-02-14 10:58:22.431root 11241100x80000000000000002052832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:22.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54edaa3a3994d8182022-02-14 10:58:22.930root 11241100x80000000000000002052833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:22.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.532450a5248dfb0f2022-02-14 10:58:22.930root 11241100x80000000000000002052834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:22.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ee723be5261b9522022-02-14 10:58:22.930root 11241100x80000000000000002052835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:22.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b745acadd52e6e592022-02-14 10:58:22.930root 11241100x80000000000000002052836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:22.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cb3d4bc2c30d11e2022-02-14 10:58:22.931root 11241100x80000000000000002052837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:22.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.269f3acd157293812022-02-14 10:58:22.931root 11241100x80000000000000002052838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:22.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.435461dfd367e9fb2022-02-14 10:58:22.931root 11241100x80000000000000002052839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:22.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e2878ef50f16ab72022-02-14 10:58:22.931root 11241100x80000000000000002052840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:22.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b3c6c8fb9a528ce2022-02-14 10:58:22.931root 11241100x80000000000000002052841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:22.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9a27e5a38ee808d2022-02-14 10:58:22.931root 11241100x80000000000000002052842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:22.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bd7996c691f9fe12022-02-14 10:58:22.932root 11241100x80000000000000002052843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:22.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86620fde18dc14932022-02-14 10:58:22.932root 11241100x80000000000000002052844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:22.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7600a3248b90b8162022-02-14 10:58:22.932root 11241100x80000000000000002052845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:23.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8487d8bd4eb38af2022-02-14 10:58:23.430root 11241100x80000000000000002052846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:23.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0124459f57b81bd52022-02-14 10:58:23.430root 11241100x80000000000000002052847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:23.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8816cd1de52b8f332022-02-14 10:58:23.430root 11241100x80000000000000002052848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:23.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe7bb3fda5e16aa32022-02-14 10:58:23.430root 11241100x80000000000000002052849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:23.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0727105508de150e2022-02-14 10:58:23.431root 11241100x80000000000000002052850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:23.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1bc4a332cac689e2022-02-14 10:58:23.431root 11241100x80000000000000002052851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:23.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce9233becd4c19c42022-02-14 10:58:23.431root 11241100x80000000000000002052852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:23.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b61e8e858f1539c2022-02-14 10:58:23.431root 11241100x80000000000000002052853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:23.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28dc008f55c5043f2022-02-14 10:58:23.431root 11241100x80000000000000002052854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:23.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46628fa6e015fb4e2022-02-14 10:58:23.431root 11241100x80000000000000002052855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:23.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.357f2535469cf8672022-02-14 10:58:23.431root 11241100x80000000000000002052856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:23.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d65b43b32cb4b9b32022-02-14 10:58:23.431root 11241100x80000000000000002052857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:23.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.201075278e8ef0a92022-02-14 10:58:23.431root 11241100x80000000000000002052858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:23.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee9a5467e5c47b912022-02-14 10:58:23.930root 11241100x80000000000000002052859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:23.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.333e8043a86d77b62022-02-14 10:58:23.930root 11241100x80000000000000002052860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:23.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5fa928461079f5b2022-02-14 10:58:23.930root 11241100x80000000000000002052861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:23.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5618ff233c1ee44a2022-02-14 10:58:23.930root 11241100x80000000000000002052862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:23.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fce2daae1d5f4cac2022-02-14 10:58:23.930root 11241100x80000000000000002052863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:23.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edf0fe9fbbcfd68e2022-02-14 10:58:23.931root 11241100x80000000000000002052864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:23.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4519417fb5515b042022-02-14 10:58:23.931root 11241100x80000000000000002052865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:23.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9846479d5df526412022-02-14 10:58:23.931root 11241100x80000000000000002052866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:23.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0811c12630a2398e2022-02-14 10:58:23.931root 11241100x80000000000000002052867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:23.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e18653d6cbd12be62022-02-14 10:58:23.931root 11241100x80000000000000002052868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:23.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37f08c6536d239542022-02-14 10:58:23.931root 11241100x80000000000000002052869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:23.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09a0d8b0b82ff8c42022-02-14 10:58:23.931root 11241100x80000000000000002052870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:23.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1096b21317397d6d2022-02-14 10:58:23.931root 354300x80000000000000002052871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:24.059{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54728-false10.0.1.12-8000- 11241100x80000000000000002052872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:24.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d483560d35ab2792022-02-14 10:58:24.430root 11241100x80000000000000002052873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:24.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e64acf9972c63c142022-02-14 10:58:24.430root 11241100x80000000000000002052874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:24.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f34f47a28bf9a9a92022-02-14 10:58:24.430root 11241100x80000000000000002052875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:24.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20c739ce5dd3cab92022-02-14 10:58:24.430root 11241100x80000000000000002052876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:24.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d305ed2603189eb62022-02-14 10:58:24.430root 11241100x80000000000000002052877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:24.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f646ae846212fd42022-02-14 10:58:24.431root 11241100x80000000000000002052878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:24.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05dc4564011ed6b12022-02-14 10:58:24.431root 11241100x80000000000000002052879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:24.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aecfd78a47cdb5c2022-02-14 10:58:24.431root 11241100x80000000000000002052880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:24.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f3635d116c89c6a2022-02-14 10:58:24.431root 11241100x80000000000000002052881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:24.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0ff889b2520ca302022-02-14 10:58:24.431root 11241100x80000000000000002052882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:24.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a407056720cee1962022-02-14 10:58:24.431root 11241100x80000000000000002052883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:24.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b5cc91e974e66132022-02-14 10:58:24.431root 11241100x80000000000000002052884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:24.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.201b7532973887ac2022-02-14 10:58:24.431root 11241100x80000000000000002052885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:24.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1d491ede1f707572022-02-14 10:58:24.431root 11241100x80000000000000002052886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:24.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56f8f58a8b97e95a2022-02-14 10:58:24.930root 11241100x80000000000000002052887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:24.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48f4fdfdaeaacd692022-02-14 10:58:24.930root 11241100x80000000000000002052888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:24.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cd632629dfd3f542022-02-14 10:58:24.930root 11241100x80000000000000002052889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:24.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39df993ad0fba9dd2022-02-14 10:58:24.930root 11241100x80000000000000002052890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:24.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6572dfd303a2a952022-02-14 10:58:24.930root 11241100x80000000000000002052891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:24.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c134492a0851c892022-02-14 10:58:24.930root 11241100x80000000000000002052892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:24.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d958ba3219341772022-02-14 10:58:24.931root 11241100x80000000000000002052893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:24.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.863e77a75760f03a2022-02-14 10:58:24.931root 11241100x80000000000000002052894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:24.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.336d9dea7f50f2c32022-02-14 10:58:24.931root 11241100x80000000000000002052895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:24.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4b67183fdc320472022-02-14 10:58:24.931root 11241100x80000000000000002052896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:24.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df6fe4e63e2abcae2022-02-14 10:58:24.931root 11241100x80000000000000002052897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:24.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adbbec7014dd483a2022-02-14 10:58:24.931root 11241100x80000000000000002052898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:24.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d51e568e332456c2022-02-14 10:58:24.931root 11241100x80000000000000002052899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:24.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f717631dbb343fbd2022-02-14 10:58:24.931root 11241100x80000000000000002052900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:25.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6f2d228dd65cd282022-02-14 10:58:25.430root 11241100x80000000000000002052901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:25.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd0efce356e55c0c2022-02-14 10:58:25.430root 11241100x80000000000000002052902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:25.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84b6f965db37ad1d2022-02-14 10:58:25.430root 11241100x80000000000000002052903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:25.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ae837914fd17fea2022-02-14 10:58:25.430root 11241100x80000000000000002052904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:25.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62108187e5e19d792022-02-14 10:58:25.430root 11241100x80000000000000002052905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:25.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eb4e8dc27ab2fbf2022-02-14 10:58:25.430root 11241100x80000000000000002052906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:25.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bbdf42b210316b82022-02-14 10:58:25.430root 11241100x80000000000000002052907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:25.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d9aae62836e863b2022-02-14 10:58:25.431root 11241100x80000000000000002052908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:25.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58c170c05c364b142022-02-14 10:58:25.431root 11241100x80000000000000002052909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:25.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.490dc2f7814adad92022-02-14 10:58:25.431root 11241100x80000000000000002052910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:25.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07a91ed251aaabde2022-02-14 10:58:25.431root 11241100x80000000000000002052911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:25.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdc872dbb80cb19b2022-02-14 10:58:25.431root 11241100x80000000000000002052912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:25.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f46265fe58781da2022-02-14 10:58:25.431root 11241100x80000000000000002052913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:25.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0a1317d40b137a72022-02-14 10:58:25.431root 11241100x80000000000000002052914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:25.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a147c67d047ceea62022-02-14 10:58:25.930root 11241100x80000000000000002052915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:25.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd19fb0778ba6a942022-02-14 10:58:25.930root 11241100x80000000000000002052916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:25.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66c0971f3ceb20672022-02-14 10:58:25.930root 11241100x80000000000000002052917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:25.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaff5df90bafdceb2022-02-14 10:58:25.930root 11241100x80000000000000002052918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:25.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdc13adb97f7a0df2022-02-14 10:58:25.930root 11241100x80000000000000002052919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:25.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1056ac3e9099264f2022-02-14 10:58:25.931root 11241100x80000000000000002052920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:25.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d0e9ceebe75c3502022-02-14 10:58:25.931root 11241100x80000000000000002052921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:25.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.532ff313dbdda0cd2022-02-14 10:58:25.931root 11241100x80000000000000002052922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:25.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a9ed39ec85e80a32022-02-14 10:58:25.931root 11241100x80000000000000002052923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:25.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c90f3a921f4aa492022-02-14 10:58:25.931root 11241100x80000000000000002052924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:25.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74f0cb6afb2dfff62022-02-14 10:58:25.931root 11241100x80000000000000002052925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:25.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f1b2903eeeb32502022-02-14 10:58:25.931root 11241100x80000000000000002052926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:25.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05b1c0d5784810942022-02-14 10:58:25.931root 11241100x80000000000000002052927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:25.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.446d04d75c13f4202022-02-14 10:58:25.931root 11241100x80000000000000002052928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:26.429{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97614fca42178fc02022-02-14 10:58:26.429root 11241100x80000000000000002052929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:26.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3055005e01da866d2022-02-14 10:58:26.430root 11241100x80000000000000002052930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:26.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c038eb018c40ac72022-02-14 10:58:26.430root 11241100x80000000000000002052931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:26.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b9cefa7636501eb2022-02-14 10:58:26.430root 11241100x80000000000000002052932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:26.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82133d51f7a74ec62022-02-14 10:58:26.430root 11241100x80000000000000002052933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:26.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03ef6422e5c99b032022-02-14 10:58:26.430root 11241100x80000000000000002052934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:26.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b1934516b025ff92022-02-14 10:58:26.430root 11241100x80000000000000002052935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:26.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab9af23a8aaf0d742022-02-14 10:58:26.430root 11241100x80000000000000002052936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:26.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.730fe1d2bc09ba752022-02-14 10:58:26.431root 11241100x80000000000000002052937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:26.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5502ebc564cf6d5b2022-02-14 10:58:26.431root 11241100x80000000000000002052938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:26.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.633d60b12757a7d82022-02-14 10:58:26.431root 11241100x80000000000000002052939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:26.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f11f504709e91782022-02-14 10:58:26.431root 11241100x80000000000000002052940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:26.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f102d73d33b9be092022-02-14 10:58:26.431root 11241100x80000000000000002052941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:26.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.716c12cd816a20e22022-02-14 10:58:26.431root 11241100x80000000000000002052942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:26.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c865fb890ff94a3e2022-02-14 10:58:26.431root 11241100x80000000000000002052943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:26.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7321712c7d31face2022-02-14 10:58:26.431root 11241100x80000000000000002052944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:26.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.640f0470f08f7b2d2022-02-14 10:58:26.930root 11241100x80000000000000002052945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:26.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a231515792defc8b2022-02-14 10:58:26.930root 11241100x80000000000000002052946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:26.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d843ee64f1e5341b2022-02-14 10:58:26.930root 11241100x80000000000000002052947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:26.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e48322fd57d01502022-02-14 10:58:26.930root 11241100x80000000000000002052948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:26.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0e89ce7be6d22182022-02-14 10:58:26.930root 11241100x80000000000000002052949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:26.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0887946c6f3ced1b2022-02-14 10:58:26.931root 11241100x80000000000000002052950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:26.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54bf9f8cef3c244c2022-02-14 10:58:26.931root 11241100x80000000000000002052951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:26.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d799783e1f6407cd2022-02-14 10:58:26.931root 11241100x80000000000000002052952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:26.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39ec09eee03ea1a42022-02-14 10:58:26.931root 11241100x80000000000000002052953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:26.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68e9f9a3334a43042022-02-14 10:58:26.931root 11241100x80000000000000002052954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:26.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a44a2e2d8c4123f2022-02-14 10:58:26.931root 11241100x80000000000000002052955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:26.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df918554b08efd742022-02-14 10:58:26.931root 11241100x80000000000000002052956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:26.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f6c2e9e73a7e82d2022-02-14 10:58:26.931root 11241100x80000000000000002052957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:26.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b53019ffd612dbd2022-02-14 10:58:26.932root 154100x80000000000000002052958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:27.388{ec2ab09f-35d3-620a-e8f6-6d816c550000}2412/bin/ls-----ls --color=auto -l /va/log/syslog/home/ubuntuubuntu{ec2ab09f-1691-620a-e803-000000000000}10002no level-{00000000-0000-0000-0000-000000000000}2411--- 154100x80000000000000002052959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:27.388{ec2ab09f-35d3-620a-f0ec-124d33560000}2413/usr/bin/gawk-----awk {print $5}/home/ubuntuubuntu{ec2ab09f-1691-620a-e803-000000000000}10002no level-{00000000-0000-0000-0000-000000000000}2411--- 11241100x80000000000000002052960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:27.389{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46cd549fa9b155832022-02-14 10:58:27.389root 11241100x80000000000000002052961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:27.389{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e85266d53f54788b2022-02-14 10:58:27.389root 11241100x80000000000000002052962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:27.390{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ad4452c2ae7fe262022-02-14 10:58:27.390root 534500x80000000000000002052963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:27.390{ec2ab09f-35d3-620a-e8f6-6d816c550000}2412/bin/lsubuntu 11241100x80000000000000002052964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:27.390{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.752a707dd69a43972022-02-14 10:58:27.390root 11241100x80000000000000002052965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:27.390{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24d23fcb45a04a412022-02-14 10:58:27.390root 11241100x80000000000000002052966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:27.390{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70a2ff8c018684f52022-02-14 10:58:27.390root 11241100x80000000000000002052967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:27.390{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff70c6be86ad9a292022-02-14 10:58:27.390root 534500x80000000000000002052968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:27.390{ec2ab09f-35d3-620a-f0ec-124d33560000}2413/usr/bin/gawkubuntu 11241100x80000000000000002052969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:27.390{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.612532742313f1e62022-02-14 10:58:27.390root 11241100x80000000000000002052970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:27.390{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2937ccf2f43806a92022-02-14 10:58:27.390root 11241100x80000000000000002052971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:27.391{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c7535f50b5a21f72022-02-14 10:58:27.391root 11241100x80000000000000002052972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:27.391{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1e08eb0803e105c2022-02-14 10:58:27.391root 11241100x80000000000000002052973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:27.391{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.815cd2a3cfd05f9e2022-02-14 10:58:27.391root 534500x80000000000000002052974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:27.391{00000000-0000-0000-0000-000000000000}2411<unknown process>ubuntu 154100x80000000000000002052975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:27.391{ec2ab09f-35d3-620a-60ec-0bb335560000}2414/bin/dd-----dd of=/dev/zero if=/var/log/syslog count= iflag=count_bytes/home/ubuntuubuntu{ec2ab09f-1691-620a-e803-000000000000}10002no level-{ec2ab09f-1691-620a-0814-31b1c5550000}2004/bin/bash-bashubuntu 11241100x80000000000000002052976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:27.392{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e40d85a2d3964d4b2022-02-14 10:58:27.392root 11241100x80000000000000002052977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:27.392{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09fbb30ed163f31e2022-02-14 10:58:27.392root 11241100x80000000000000002052978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:27.392{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cba0083a4d84af042022-02-14 10:58:27.392root 534500x80000000000000002052979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:27.392{ec2ab09f-35d3-620a-60ec-0bb335560000}2414/bin/ddubuntu 11241100x80000000000000002052980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:27.393{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa0c1313ba2e4b572022-02-14 10:58:27.393root 11241100x80000000000000002052981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:27.393{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97e6de112ca1890d2022-02-14 10:58:27.393root 11241100x80000000000000002052982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:27.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5470905f0aca45d02022-02-14 10:58:27.680root 11241100x80000000000000002052983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:27.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b642d4ae0646479c2022-02-14 10:58:27.680root 11241100x80000000000000002052984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:27.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea5acdff7db8b1462022-02-14 10:58:27.681root 11241100x80000000000000002052985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:27.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbc571cababd58152022-02-14 10:58:27.681root 11241100x80000000000000002052986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:27.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b237e4cf6efc50b42022-02-14 10:58:27.681root 11241100x80000000000000002052987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:27.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b28a42d128e236932022-02-14 10:58:27.681root 11241100x80000000000000002052988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:27.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c26c96cfd2c7f25f2022-02-14 10:58:27.681root 11241100x80000000000000002052989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:27.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5896cbdd0a0df7d62022-02-14 10:58:27.681root 11241100x80000000000000002052990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:27.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41fe2b4f863fa5572022-02-14 10:58:27.681root 11241100x80000000000000002052991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:27.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70ceea16f081706a2022-02-14 10:58:27.681root 11241100x80000000000000002052992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:27.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc0cf714843b8b3c2022-02-14 10:58:27.682root 11241100x80000000000000002052993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:27.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33e060d352341df32022-02-14 10:58:27.682root 11241100x80000000000000002052994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:27.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deb77b48f24209f32022-02-14 10:58:27.682root 11241100x80000000000000002052995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:27.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68ab06e3212a34a22022-02-14 10:58:27.682root 11241100x80000000000000002052996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:27.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d52853acf0eaaece2022-02-14 10:58:27.682root 11241100x80000000000000002052997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:27.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb8d7d8295ae52e32022-02-14 10:58:27.682root 11241100x80000000000000002052998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:27.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72bbe14bc8274f292022-02-14 10:58:27.682root 11241100x80000000000000002052999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:27.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca74a2ea258ac80d2022-02-14 10:58:27.682root 11241100x80000000000000002053000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:27.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf6b3cc5d049aafe2022-02-14 10:58:27.682root 11241100x80000000000000002053001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:27.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7481ba66709fd15d2022-02-14 10:58:27.682root 11241100x80000000000000002053002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:27.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bfe5d8084c2b0192022-02-14 10:58:27.682root 11241100x80000000000000002053003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:28.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f64f66c488e66aaf2022-02-14 10:58:28.180root 11241100x80000000000000002053004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:28.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9b7829cbd8da8372022-02-14 10:58:28.181root 11241100x80000000000000002053005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:28.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d363fd62e1efef462022-02-14 10:58:28.181root 11241100x80000000000000002053006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:28.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b227cdfc2da67fc32022-02-14 10:58:28.182root 11241100x80000000000000002053007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:28.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93fe733fa786e7da2022-02-14 10:58:28.185root 11241100x80000000000000002053008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:28.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87f59e34cc1af13a2022-02-14 10:58:28.186root 11241100x80000000000000002053009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:28.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.331bf5a6a15d477d2022-02-14 10:58:28.186root 11241100x80000000000000002053010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:28.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0bc6aeb42217af72022-02-14 10:58:28.186root 11241100x80000000000000002053011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:28.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bebd4e97ee22ecb52022-02-14 10:58:28.186root 11241100x80000000000000002053012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:28.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d43679f62d56ca32022-02-14 10:58:28.187root 11241100x80000000000000002053013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:28.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.047b98f04c8df42f2022-02-14 10:58:28.187root 11241100x80000000000000002053014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:28.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c95d2df7dd1c4ac2022-02-14 10:58:28.187root 11241100x80000000000000002053015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:28.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.113be82a6778708f2022-02-14 10:58:28.188root 11241100x80000000000000002053016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:28.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fddee35e9e2e10212022-02-14 10:58:28.188root 11241100x80000000000000002053017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:28.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b6513b4b5814bc62022-02-14 10:58:28.188root 11241100x80000000000000002053018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:28.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.431851ee01c3459e2022-02-14 10:58:28.189root 11241100x80000000000000002053019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:28.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8386bf8bfd1de44b2022-02-14 10:58:28.189root 11241100x80000000000000002053020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:28.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3817cbe94cb324ea2022-02-14 10:58:28.189root 11241100x80000000000000002053021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:28.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e0802279e1df3062022-02-14 10:58:28.189root 11241100x80000000000000002053022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:28.190{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78889a6bcef1c3712022-02-14 10:58:28.190root 11241100x80000000000000002053023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:28.190{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18af8a91218770612022-02-14 10:58:28.190root 11241100x80000000000000002053024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:28.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48e808d6239adf2e2022-02-14 10:58:28.680root 11241100x80000000000000002053025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:28.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.601f750ee88443ed2022-02-14 10:58:28.681root 11241100x80000000000000002053026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:28.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5a33b2ac75d79222022-02-14 10:58:28.681root 11241100x80000000000000002053027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:28.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df97290cd87079992022-02-14 10:58:28.681root 11241100x80000000000000002053028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:28.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.592c58f40f71ed392022-02-14 10:58:28.682root 11241100x80000000000000002053029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:28.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ded9c5844f59dd512022-02-14 10:58:28.682root 11241100x80000000000000002053030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:28.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be6cf3fc79b77d0c2022-02-14 10:58:28.682root 11241100x80000000000000002053031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:28.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c63fca70bd7d0342022-02-14 10:58:28.682root 11241100x80000000000000002053032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:28.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1509c6278c175a8a2022-02-14 10:58:28.683root 11241100x80000000000000002053033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:28.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8355a724173231362022-02-14 10:58:28.683root 11241100x80000000000000002053034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:28.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e9ebd2ed87cf6962022-02-14 10:58:28.684root 11241100x80000000000000002053035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:28.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cdacc407862145d2022-02-14 10:58:28.684root 11241100x80000000000000002053036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:28.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79221c929818b3752022-02-14 10:58:28.684root 11241100x80000000000000002053037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:28.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb51483ada98a96d2022-02-14 10:58:28.685root 11241100x80000000000000002053038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:28.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52e17ce77de2c3fc2022-02-14 10:58:28.685root 11241100x80000000000000002053039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:28.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a2d0c54e8239e6e2022-02-14 10:58:28.685root 11241100x80000000000000002053040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:28.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09519bab3b4dc7e52022-02-14 10:58:28.685root 11241100x80000000000000002053041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:28.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0d0051a8db349f92022-02-14 10:58:28.685root 11241100x80000000000000002053042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:28.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a05044fd58babe4c2022-02-14 10:58:28.685root 11241100x80000000000000002053043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:28.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d8a7fc1ffd66c6e2022-02-14 10:58:28.685root 11241100x80000000000000002053044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:28.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d39a1a302a0267772022-02-14 10:58:28.686root 354300x80000000000000002053045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:29.179{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54730-false10.0.1.12-8000- 11241100x80000000000000002053046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:29.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69ea90144b8698c02022-02-14 10:58:29.180root 11241100x80000000000000002053047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:29.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.054ca1c3efa4d8b42022-02-14 10:58:29.180root 11241100x80000000000000002053048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:29.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aee0bc3796663882022-02-14 10:58:29.180root 11241100x80000000000000002053049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:29.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.315dfe5b196a51eb2022-02-14 10:58:29.180root 11241100x80000000000000002053050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:29.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c71d679c292c4902022-02-14 10:58:29.180root 11241100x80000000000000002053051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:29.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87afa2182affc71c2022-02-14 10:58:29.180root 11241100x80000000000000002053052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:29.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d711f06de46ef1b92022-02-14 10:58:29.180root 11241100x80000000000000002053053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:29.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef110a035119c5242022-02-14 10:58:29.180root 11241100x80000000000000002053054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:29.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b970b3a7efb74882022-02-14 10:58:29.181root 11241100x80000000000000002053055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:29.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baf458b52c3694c22022-02-14 10:58:29.181root 11241100x80000000000000002053056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:29.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27d88de1100c2d6c2022-02-14 10:58:29.181root 11241100x80000000000000002053057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:29.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0d53acc19f46bb32022-02-14 10:58:29.181root 11241100x80000000000000002053058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:29.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc21aee1ee0bc37c2022-02-14 10:58:29.181root 11241100x80000000000000002053059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:29.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc4274ceff62eab62022-02-14 10:58:29.181root 11241100x80000000000000002053060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:29.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dafd155d39efad0f2022-02-14 10:58:29.181root 11241100x80000000000000002053061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:29.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.788d13d746ef07392022-02-14 10:58:29.181root 11241100x80000000000000002053062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:29.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be4e08c797646bf32022-02-14 10:58:29.181root 11241100x80000000000000002053063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:29.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f5b467449a0e6832022-02-14 10:58:29.181root 11241100x80000000000000002053064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:29.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.babfe603130c5e6e2022-02-14 10:58:29.182root 11241100x80000000000000002053065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:29.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be2614695243ef662022-02-14 10:58:29.182root 11241100x80000000000000002053066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:29.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba7a20d08940cd9c2022-02-14 10:58:29.182root 11241100x80000000000000002053067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:29.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daa31d352dc34f712022-02-14 10:58:29.182root 11241100x80000000000000002053068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:29.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f509c915ade8dd9e2022-02-14 10:58:29.182root 11241100x80000000000000002053069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:29.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c82652d9e91e025c2022-02-14 10:58:29.182root 11241100x80000000000000002053070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:29.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d70a79e8d6b7f092022-02-14 10:58:29.182root 11241100x80000000000000002053071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:29.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae7c0fec93e61d3e2022-02-14 10:58:29.182root 11241100x80000000000000002053072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:29.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.912a32a8d4cc74ca2022-02-14 10:58:29.182root 11241100x80000000000000002053073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:29.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.506461f435fbb2312022-02-14 10:58:29.182root 11241100x80000000000000002053074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:29.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf0d65efb494b2e12022-02-14 10:58:29.182root 11241100x80000000000000002053075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:29.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b02d65e21982d912022-02-14 10:58:29.182root 11241100x80000000000000002053076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:29.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c35e7c4e4e8ec0912022-02-14 10:58:29.183root 11241100x80000000000000002053077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:29.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c42210ddcd7c52472022-02-14 10:58:29.183root 11241100x80000000000000002053078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:29.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c0c78ee502e0d352022-02-14 10:58:29.183root 11241100x80000000000000002053079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:29.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b45b4c9e9eb66292022-02-14 10:58:29.183root 11241100x80000000000000002053080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:29.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7c62127130576442022-02-14 10:58:29.183root 11241100x80000000000000002053081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:29.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee1aeb67f86ce5172022-02-14 10:58:29.183root 11241100x80000000000000002053082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:29.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ed5238d7d114d752022-02-14 10:58:29.183root 11241100x80000000000000002053083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:29.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90b07ce21aaa3f8d2022-02-14 10:58:29.183root 11241100x80000000000000002053084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:29.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7116720cb55ff2c22022-02-14 10:58:29.183root 11241100x80000000000000002053085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:29.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.740f54188698bffa2022-02-14 10:58:29.183root 11241100x80000000000000002053086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:29.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebaf64679aa3f5712022-02-14 10:58:29.680root 11241100x80000000000000002053087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:29.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa85a2eacd4c3d0c2022-02-14 10:58:29.680root 11241100x80000000000000002053088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:29.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dde4c38e161b29482022-02-14 10:58:29.681root 11241100x80000000000000002053089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:29.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ad1b106bb54f2542022-02-14 10:58:29.681root 11241100x80000000000000002053090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:29.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a1584e8def74e712022-02-14 10:58:29.681root 11241100x80000000000000002053091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:29.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74d09b895f69a2602022-02-14 10:58:29.681root 11241100x80000000000000002053092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:29.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9282dd0da2ef56382022-02-14 10:58:29.681root 11241100x80000000000000002053093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:29.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e51fd193770c32aa2022-02-14 10:58:29.681root 11241100x80000000000000002053094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:29.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64adaeaf4db82e642022-02-14 10:58:29.681root 11241100x80000000000000002053095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:29.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa53002e2a59cc602022-02-14 10:58:29.681root 11241100x80000000000000002053096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:29.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd3a9ac4f105fcd22022-02-14 10:58:29.681root 11241100x80000000000000002053097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:29.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20c580d5ab8a5d872022-02-14 10:58:29.681root 11241100x80000000000000002053098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:29.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc3420e27a3da8ae2022-02-14 10:58:29.681root 11241100x80000000000000002053099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:29.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ddc92e8bdf8715b2022-02-14 10:58:29.681root 11241100x80000000000000002053100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:29.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.549c16ae805b27192022-02-14 10:58:29.682root 11241100x80000000000000002053101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:29.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da68c599446ebb9e2022-02-14 10:58:29.682root 11241100x80000000000000002053102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:29.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25ee49616d9a0de02022-02-14 10:58:29.682root 11241100x80000000000000002053103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:29.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d0ac8b4e05499a82022-02-14 10:58:29.682root 11241100x80000000000000002053104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:29.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d928d3bdcd92636e2022-02-14 10:58:29.682root 11241100x80000000000000002053105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:29.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.069a40af4bb76e282022-02-14 10:58:29.682root 11241100x80000000000000002053106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:29.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.538beac4c9c348002022-02-14 10:58:29.682root 11241100x80000000000000002053107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:29.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55a90fe40c858ae62022-02-14 10:58:29.683root 11241100x80000000000000002053108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:30.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73753803590bb3652022-02-14 10:58:30.180root 11241100x80000000000000002053109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:30.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9250d12c47445eb2022-02-14 10:58:30.180root 11241100x80000000000000002053110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:30.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12b43dd59b4ccba12022-02-14 10:58:30.180root 11241100x80000000000000002053111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:30.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dd2de3dc1d683332022-02-14 10:58:30.181root 11241100x80000000000000002053112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:30.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b31ab1f9d0271c02022-02-14 10:58:30.181root 11241100x80000000000000002053113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:30.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e256a5c73f46e232022-02-14 10:58:30.181root 11241100x80000000000000002053114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:30.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c732159eb73174852022-02-14 10:58:30.181root 11241100x80000000000000002053115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:30.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfd18c92738a98122022-02-14 10:58:30.181root 11241100x80000000000000002053116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:30.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b36a78e5dab38f6e2022-02-14 10:58:30.181root 11241100x80000000000000002053117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:30.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ff7cd44afef4c902022-02-14 10:58:30.181root 11241100x80000000000000002053118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:30.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c543016e2c15c1b2022-02-14 10:58:30.181root 11241100x80000000000000002053119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:30.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.002cde1f0811885f2022-02-14 10:58:30.181root 11241100x80000000000000002053120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:30.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d3608c5d40818db2022-02-14 10:58:30.181root 11241100x80000000000000002053121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:30.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.365a1d9ce31e92962022-02-14 10:58:30.181root 11241100x80000000000000002053122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:30.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3615678e541e3b4a2022-02-14 10:58:30.181root 11241100x80000000000000002053123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:30.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdf5bb5fa45ba6302022-02-14 10:58:30.181root 11241100x80000000000000002053124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:30.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3acd2f3fdf3019902022-02-14 10:58:30.182root 11241100x80000000000000002053125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:30.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f807b7a173b69962022-02-14 10:58:30.182root 11241100x80000000000000002053126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:30.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b01ccfa21f63642e2022-02-14 10:58:30.182root 11241100x80000000000000002053127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:30.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45b7feb47f3cf5d12022-02-14 10:58:30.182root 11241100x80000000000000002053128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:30.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bb48625529293bc2022-02-14 10:58:30.182root 11241100x80000000000000002053129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:30.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d796725a6a4e8f9c2022-02-14 10:58:30.182root 11241100x80000000000000002053130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:30.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d74531e4a6b3b0cc2022-02-14 10:58:30.680root 11241100x80000000000000002053131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:30.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd229dda34a13d7d2022-02-14 10:58:30.680root 11241100x80000000000000002053132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:30.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.726449fd2f027c942022-02-14 10:58:30.681root 11241100x80000000000000002053133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:30.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88bab71bbb97a4d72022-02-14 10:58:30.681root 11241100x80000000000000002053134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:30.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b10b3f3a6a11b6c2022-02-14 10:58:30.681root 11241100x80000000000000002053135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:30.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9da5e48d64e3ab7e2022-02-14 10:58:30.681root 11241100x80000000000000002053136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:30.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0362124318c4dc272022-02-14 10:58:30.681root 11241100x80000000000000002053137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:30.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59f2e6313922bf072022-02-14 10:58:30.681root 11241100x80000000000000002053138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:30.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32e06c3251c278de2022-02-14 10:58:30.681root 11241100x80000000000000002053139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:30.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.434068edd66d86ac2022-02-14 10:58:30.681root 11241100x80000000000000002053140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:30.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.053aa4ea0bac07662022-02-14 10:58:30.681root 11241100x80000000000000002053141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:30.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47590e8b8ad91c2f2022-02-14 10:58:30.681root 11241100x80000000000000002053142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:30.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.687c446b82f480ff2022-02-14 10:58:30.681root 11241100x80000000000000002053143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:30.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79225b97fcd398d72022-02-14 10:58:30.681root 11241100x80000000000000002053144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:30.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d1291d412e354aa2022-02-14 10:58:30.682root 11241100x80000000000000002053145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:30.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.473abd0553a8c6272022-02-14 10:58:30.682root 11241100x80000000000000002053146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:30.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8db2225f3bd10d32022-02-14 10:58:30.682root 11241100x80000000000000002053147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:30.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3eb4630e7cad5592022-02-14 10:58:30.682root 11241100x80000000000000002053148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:30.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7afa56441f00b3fb2022-02-14 10:58:30.682root 11241100x80000000000000002053149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:30.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a6e8618e91e7f3a2022-02-14 10:58:30.682root 11241100x80000000000000002053150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:30.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7210d6c18b839bdb2022-02-14 10:58:30.682root 11241100x80000000000000002053151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:30.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa9ea3482ef4e44c2022-02-14 10:58:30.682root 11241100x80000000000000002053152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:31.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be3cd1dc96f3d9b22022-02-14 10:58:31.181root 11241100x80000000000000002053153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:31.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acf67a6bd69b03132022-02-14 10:58:31.181root 11241100x80000000000000002053154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:31.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04d84a59d8c58c522022-02-14 10:58:31.181root 11241100x80000000000000002053155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:31.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76d5a4120ff7abbb2022-02-14 10:58:31.181root 11241100x80000000000000002053156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:31.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ac7e3a21b7f479f2022-02-14 10:58:31.181root 11241100x80000000000000002053157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:31.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80450d1630805f392022-02-14 10:58:31.182root 11241100x80000000000000002053158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:31.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7bef333e387bc2f2022-02-14 10:58:31.182root 11241100x80000000000000002053159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:31.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6207b906b676eaf42022-02-14 10:58:31.182root 11241100x80000000000000002053160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:31.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0425ac582eaace32022-02-14 10:58:31.182root 11241100x80000000000000002053161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:31.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.846c48f5829228882022-02-14 10:58:31.182root 11241100x80000000000000002053162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:31.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27a4fdad2725e6062022-02-14 10:58:31.182root 11241100x80000000000000002053163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:31.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe8e780011a246d82022-02-14 10:58:31.183root 11241100x80000000000000002053164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:31.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a85be0160be3a6c2022-02-14 10:58:31.183root 11241100x80000000000000002053165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:31.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1723b45603e2b0092022-02-14 10:58:31.183root 11241100x80000000000000002053166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:31.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e823db26719cc8482022-02-14 10:58:31.183root 11241100x80000000000000002053167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:31.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad44f659a8ed96172022-02-14 10:58:31.183root 11241100x80000000000000002053168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:31.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32787e1f6d2768992022-02-14 10:58:31.183root 11241100x80000000000000002053169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:31.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c82bc9737633c9252022-02-14 10:58:31.183root 11241100x80000000000000002053170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:31.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1466d3febfef4262022-02-14 10:58:31.184root 11241100x80000000000000002053171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:31.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f8246f58c1566f12022-02-14 10:58:31.184root 11241100x80000000000000002053172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:31.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7eedd556f9fc68c2022-02-14 10:58:31.184root 11241100x80000000000000002053173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:31.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90c8ae6d908099212022-02-14 10:58:31.184root 11241100x80000000000000002053174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:31.679{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56297ed5e940e88d2022-02-14 10:58:31.679root 11241100x80000000000000002053175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:31.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eedbea6d51b64a012022-02-14 10:58:31.680root 11241100x80000000000000002053176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:31.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.501206b62ece03932022-02-14 10:58:31.680root 11241100x80000000000000002053177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:31.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b21f2b6b163d2192022-02-14 10:58:31.680root 11241100x80000000000000002053178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:31.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71ed813afa1a71402022-02-14 10:58:31.680root 11241100x80000000000000002053179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:31.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5f3a32d2916801d2022-02-14 10:58:31.680root 11241100x80000000000000002053180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:31.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.267fe839502a20c02022-02-14 10:58:31.680root 11241100x80000000000000002053181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:31.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99ae0a2d7ed7272b2022-02-14 10:58:31.680root 11241100x80000000000000002053182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:31.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f7d8daa8b8ada0b2022-02-14 10:58:31.680root 11241100x80000000000000002053183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:31.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c98ba08fc133b7e22022-02-14 10:58:31.681root 11241100x80000000000000002053184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:31.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd75488fd7f369bb2022-02-14 10:58:31.681root 11241100x80000000000000002053185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:31.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80ab43db072c526b2022-02-14 10:58:31.681root 11241100x80000000000000002053186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:31.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a90e7e5d8740db72022-02-14 10:58:31.681root 11241100x80000000000000002053187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:31.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.460ecf756115c6a82022-02-14 10:58:31.681root 11241100x80000000000000002053188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:31.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.496d41ffdca20e342022-02-14 10:58:31.681root 11241100x80000000000000002053189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:31.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79892809eec078f82022-02-14 10:58:31.681root 11241100x80000000000000002053190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:31.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52866ee778e63df22022-02-14 10:58:31.681root 11241100x80000000000000002053191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:31.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b947e128cc5dd7ed2022-02-14 10:58:31.681root 11241100x80000000000000002053192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:31.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14011ac5ffe9137e2022-02-14 10:58:31.681root 11241100x80000000000000002053193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:31.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed84e068854b9b092022-02-14 10:58:31.681root 11241100x80000000000000002053194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:31.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aa513f7f04009412022-02-14 10:58:31.682root 11241100x80000000000000002053195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:31.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.454de0d25ce15d172022-02-14 10:58:31.682root 11241100x80000000000000002053196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:31.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2891da836ed7db82022-02-14 10:58:31.682root 11241100x80000000000000002053197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:31.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b056b2a882c451452022-02-14 10:58:31.682root 11241100x80000000000000002053198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:31.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99ecf3db16b0c28a2022-02-14 10:58:31.682root 11241100x80000000000000002053199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:31.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c48a544b2be3cf5e2022-02-14 10:58:31.682root 11241100x80000000000000002053200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:31.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.021879821725502e2022-02-14 10:58:31.682root 11241100x80000000000000002053201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:32.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f26d621a6b1386b32022-02-14 10:58:32.180root 11241100x80000000000000002053202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:32.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b127d5ab500588ac2022-02-14 10:58:32.180root 11241100x80000000000000002053203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:32.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd6c7849c825da972022-02-14 10:58:32.180root 11241100x80000000000000002053204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:32.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27ac0507d16b4c102022-02-14 10:58:32.180root 11241100x80000000000000002053205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:32.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ab9f59dd230617c2022-02-14 10:58:32.180root 11241100x80000000000000002053206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:32.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4a656a6869f37542022-02-14 10:58:32.181root 11241100x80000000000000002053207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:32.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e437bd03bf569b502022-02-14 10:58:32.181root 11241100x80000000000000002053208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:32.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af11fe9cb9f9898b2022-02-14 10:58:32.181root 11241100x80000000000000002053209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:32.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9adfe884f389fc022022-02-14 10:58:32.181root 11241100x80000000000000002053210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:32.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d785e1511e020a52022-02-14 10:58:32.181root 11241100x80000000000000002053211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:32.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5804f21d6c2bfe02022-02-14 10:58:32.181root 11241100x80000000000000002053212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:32.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26ee7e5c5b35bb1c2022-02-14 10:58:32.181root 11241100x80000000000000002053213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:32.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fceb91db645a40bd2022-02-14 10:58:32.181root 11241100x80000000000000002053214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:32.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce4a6c8934a731f82022-02-14 10:58:32.182root 11241100x80000000000000002053215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:32.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84fecd41c0217e252022-02-14 10:58:32.182root 11241100x80000000000000002053216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:32.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8498a1ed3fab54a2022-02-14 10:58:32.182root 11241100x80000000000000002053217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:32.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea7cc3f0f29494b52022-02-14 10:58:32.182root 11241100x80000000000000002053218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:32.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.349d8797ded238062022-02-14 10:58:32.182root 11241100x80000000000000002053219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:32.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dc607d6b3aee9e72022-02-14 10:58:32.182root 11241100x80000000000000002053220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:32.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8511b60a8668a80c2022-02-14 10:58:32.182root 11241100x80000000000000002053221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:32.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52c13a023c577a862022-02-14 10:58:32.182root 11241100x80000000000000002053222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:32.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.690656af44fb67a62022-02-14 10:58:32.182root 11241100x80000000000000002053223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:32.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbd089c55d2c10ee2022-02-14 10:58:32.680root 11241100x80000000000000002053224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:32.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8933c7268c7d15452022-02-14 10:58:32.680root 11241100x80000000000000002053225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:32.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7edf3a7a88df7eb2022-02-14 10:58:32.681root 11241100x80000000000000002053226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:32.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21a5d5763fc351b92022-02-14 10:58:32.681root 11241100x80000000000000002053227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:32.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb14422374d66ef52022-02-14 10:58:32.681root 11241100x80000000000000002053228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:32.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bcfd01af18ddf902022-02-14 10:58:32.681root 11241100x80000000000000002053229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:32.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11295ef0dfe636ca2022-02-14 10:58:32.681root 11241100x80000000000000002053230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:32.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca8d32cca4eda00b2022-02-14 10:58:32.682root 11241100x80000000000000002053231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:32.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bf38139b417127b2022-02-14 10:58:32.682root 11241100x80000000000000002053232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:32.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d6e58854e492f062022-02-14 10:58:32.682root 11241100x80000000000000002053233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:32.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6356da446dda7c42022-02-14 10:58:32.682root 11241100x80000000000000002053234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:32.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d40bf8d0650dcd592022-02-14 10:58:32.682root 11241100x80000000000000002053235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:32.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca0faa606b3da5d42022-02-14 10:58:32.682root 11241100x80000000000000002053236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:32.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.580705a00108a5802022-02-14 10:58:32.682root 11241100x80000000000000002053237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:32.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bb39fbde7943e0c2022-02-14 10:58:32.683root 11241100x80000000000000002053238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:32.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6af0d2de1a7042dc2022-02-14 10:58:32.683root 11241100x80000000000000002053239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:32.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b4911ae6b5f3ba12022-02-14 10:58:32.683root 11241100x80000000000000002053240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:32.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.663502b01506beed2022-02-14 10:58:32.683root 11241100x80000000000000002053241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:32.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7efb4c852553dbaa2022-02-14 10:58:32.683root 11241100x80000000000000002053242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:32.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b04e1a551b9bfed2022-02-14 10:58:32.684root 11241100x80000000000000002053243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:32.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22fb63fd2e29e0182022-02-14 10:58:32.684root 11241100x80000000000000002053244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:32.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3af786db46779ef12022-02-14 10:58:32.685root 11241100x80000000000000002053245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:33.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f33cb5d19b488fce2022-02-14 10:58:33.180root 11241100x80000000000000002053246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:33.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9867e660ab810822022-02-14 10:58:33.181root 11241100x80000000000000002053247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:33.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c381932834443aa2022-02-14 10:58:33.181root 11241100x80000000000000002053248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:33.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.282938842bfda3f22022-02-14 10:58:33.181root 11241100x80000000000000002053249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:33.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3811bab82c70069f2022-02-14 10:58:33.181root 11241100x80000000000000002053250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:33.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63a7cb3d3e2f87d42022-02-14 10:58:33.182root 11241100x80000000000000002053251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:33.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2d3ec22b87372aa2022-02-14 10:58:33.182root 11241100x80000000000000002053252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:33.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4295ee1d32c4de832022-02-14 10:58:33.182root 11241100x80000000000000002053253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:33.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d7fcc725bd7ae6d2022-02-14 10:58:33.184root 11241100x80000000000000002053254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:33.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84471fce30f9e19a2022-02-14 10:58:33.184root 11241100x80000000000000002053255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:33.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1045c283d40cc07b2022-02-14 10:58:33.184root 11241100x80000000000000002053256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:33.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bab1d225257bf9d52022-02-14 10:58:33.184root 11241100x80000000000000002053257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:33.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7fdbd99995a43f52022-02-14 10:58:33.184root 11241100x80000000000000002053258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:33.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb887b9f321a4b4e2022-02-14 10:58:33.185root 11241100x80000000000000002053259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:33.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f71a06754843a5782022-02-14 10:58:33.185root 11241100x80000000000000002053260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:33.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f8b9bb4bacc6ffb2022-02-14 10:58:33.185root 11241100x80000000000000002053261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:33.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2b6800c9570f5d92022-02-14 10:58:33.185root 11241100x80000000000000002053262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:33.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.882dc8b0bcfe99802022-02-14 10:58:33.185root 11241100x80000000000000002053263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:33.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10caaa279766269d2022-02-14 10:58:33.186root 11241100x80000000000000002053264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:33.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a630d7decfe8996e2022-02-14 10:58:33.187root 11241100x80000000000000002053265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:33.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baaedf79cbab56312022-02-14 10:58:33.187root 11241100x80000000000000002053266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:33.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dea37751b778882f2022-02-14 10:58:33.187root 11241100x80000000000000002053267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:33.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ae870825674e1a42022-02-14 10:58:33.187root 11241100x80000000000000002053268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:33.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.579d5bf50f2ac2e12022-02-14 10:58:33.187root 11241100x80000000000000002053269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:33.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42cd646e332348922022-02-14 10:58:33.187root 11241100x80000000000000002053270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:33.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e1238e743a7b3342022-02-14 10:58:33.187root 11241100x80000000000000002053271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:33.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.465e5c0b462c644a2022-02-14 10:58:33.188root 11241100x80000000000000002053272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:33.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f63cac7b99fc2e952022-02-14 10:58:33.188root 11241100x80000000000000002053273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:33.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e81fd4971f7a23ea2022-02-14 10:58:33.188root 11241100x80000000000000002053274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:33.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae35e1bb42f5d39d2022-02-14 10:58:33.188root 11241100x80000000000000002053275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:33.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e817e48147eb4cbf2022-02-14 10:58:33.188root 11241100x80000000000000002053276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:33.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbfb3330b6d1ff602022-02-14 10:58:33.188root 11241100x80000000000000002053277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:33.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aae61ec42e85ae5f2022-02-14 10:58:33.188root 11241100x80000000000000002053278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:33.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e40f2c096acd5bef2022-02-14 10:58:33.188root 11241100x80000000000000002053279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:33.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27b0043f9be99e382022-02-14 10:58:33.188root 11241100x80000000000000002053280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:33.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f89e21170913459f2022-02-14 10:58:33.188root 11241100x80000000000000002053281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:33.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3763cc1c2153274c2022-02-14 10:58:33.188root 11241100x80000000000000002053282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:33.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5965dbc495814e42022-02-14 10:58:33.189root 11241100x80000000000000002053283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:33.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e4196997ad6cc3b2022-02-14 10:58:33.189root 11241100x80000000000000002053284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:33.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d920cca3030ce8b2022-02-14 10:58:33.189root 11241100x80000000000000002053285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:33.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8707019bef88cee2022-02-14 10:58:33.189root 11241100x80000000000000002053286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:33.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b92af22bdf6a96d12022-02-14 10:58:33.680root 11241100x80000000000000002053287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:33.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3b9548b8cf1c2062022-02-14 10:58:33.680root 11241100x80000000000000002053288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:33.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42b9fb525cefef4d2022-02-14 10:58:33.681root 11241100x80000000000000002053289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:33.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79d0426b1430cfb02022-02-14 10:58:33.681root 11241100x80000000000000002053290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:33.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79ffe3aac10c66882022-02-14 10:58:33.681root 11241100x80000000000000002053291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:33.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eafad8bf9e50de552022-02-14 10:58:33.681root 11241100x80000000000000002053292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:33.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6a3a1916a31777a2022-02-14 10:58:33.681root 11241100x80000000000000002053293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:33.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79140aba817773242022-02-14 10:58:33.681root 11241100x80000000000000002053294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:33.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c20d62a940f36c542022-02-14 10:58:33.681root 11241100x80000000000000002053295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:33.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f46d9ab5b3dd06642022-02-14 10:58:33.681root 11241100x80000000000000002053296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:33.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bf93ef2b80725132022-02-14 10:58:33.681root 11241100x80000000000000002053297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:33.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ae98cc18523401e2022-02-14 10:58:33.682root 11241100x80000000000000002053298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:33.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.918cfe67bb12db102022-02-14 10:58:33.682root 11241100x80000000000000002053299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:33.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5ce7925689de1d12022-02-14 10:58:33.682root 11241100x80000000000000002053300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:33.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d0eff196e23b3152022-02-14 10:58:33.682root 11241100x80000000000000002053301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:33.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10b526000a74b5ae2022-02-14 10:58:33.682root 11241100x80000000000000002053302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:33.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e28b27bf14e219602022-02-14 10:58:33.682root 11241100x80000000000000002053303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:33.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.851d151b961a25bf2022-02-14 10:58:33.682root 11241100x80000000000000002053304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:33.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c621ddb4ac5e52e2022-02-14 10:58:33.682root 11241100x80000000000000002053305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:33.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7472228fa7d0864f2022-02-14 10:58:33.682root 11241100x80000000000000002053306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:33.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ef4ed50bcb0b10a2022-02-14 10:58:33.682root 11241100x80000000000000002053307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:33.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbdba800ecd86aab2022-02-14 10:58:33.683root 154100x80000000000000002053308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.159{ec2ab09f-35da-620a-e8b6-43c4e9550000}2416/bin/ls-----ls --color=auto -l /va/log/syslog/home/ubuntuubuntu{ec2ab09f-1691-620a-e803-000000000000}10002no level-{00000000-0000-0000-0000-000000000000}2415--- 154100x80000000000000002053309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.159{ec2ab09f-35da-620a-f0dc-24ddbd550000}2417/usr/bin/gawk-----awk {print $5}/home/ubuntuubuntu{ec2ab09f-1691-620a-e803-000000000000}10002no level-{00000000-0000-0000-0000-000000000000}2415--- 534500x80000000000000002053310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.161{ec2ab09f-35da-620a-e8b6-43c4e9550000}2416/bin/lsubuntu 11241100x80000000000000002053311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.161{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d67faf6bd84c4ad2022-02-14 10:58:34.161root 11241100x80000000000000002053312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.161{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.780aa2a6b3bbc3a12022-02-14 10:58:34.161root 11241100x80000000000000002053313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.161{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0454938671b82452022-02-14 10:58:34.161root 11241100x80000000000000002053314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.161{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ed33576532705772022-02-14 10:58:34.161root 11241100x80000000000000002053315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.161{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0499bcbbd6a034a22022-02-14 10:58:34.161root 534500x80000000000000002053316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.162{ec2ab09f-35da-620a-f0dc-24ddbd550000}2417/usr/bin/gawkubuntu 11241100x80000000000000002053317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.162{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51310ff4d8af66ff2022-02-14 10:58:34.162root 534500x80000000000000002053318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.162{ec2ab09f-0ff9-620a-c82a-0f291d560000}2415-ubuntu 11241100x80000000000000002053319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.162{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5adcc2144c9ed6872022-02-14 10:58:34.162root 11241100x80000000000000002053320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.162{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cad09c26f068fe42022-02-14 10:58:34.162root 154100x80000000000000002053321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.162{ec2ab09f-35da-620a-08ee-afee1c560000}2418/usr/bin/sudo-----sudo dd of=/dev/zero if=/var/log/syslog count= iflag=count_bytes/home/ubuntuubuntu{ec2ab09f-1691-620a-e803-000000000000}10002no level-{ec2ab09f-1691-620a-0814-31b1c5550000}2004/bin/bash-bashubuntu 11241100x80000000000000002053322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.163{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e076912bf8765bca2022-02-14 10:58:34.163root 11241100x80000000000000002053323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.163{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b7becb78226dedf2022-02-14 10:58:34.163root 11241100x80000000000000002053324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.163{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.873a9287d15a7bd82022-02-14 10:58:34.163root 11241100x80000000000000002053325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.163{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c14372b016d7fea62022-02-14 10:58:34.163root 11241100x80000000000000002053326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.163{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9939fc85933e45ab2022-02-14 10:58:34.163root 11241100x80000000000000002053327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.163{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c6c54dfcc03b81b2022-02-14 10:58:34.163root 11241100x80000000000000002053328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.164{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4b0bd364be6e94d2022-02-14 10:58:34.164root 11241100x80000000000000002053329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.164{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.801615e75dfe6a432022-02-14 10:58:34.164root 11241100x80000000000000002053330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.164{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd3665cf2976b3f42022-02-14 10:58:34.164root 11241100x80000000000000002053331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.164{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7dd3ea12abb18432022-02-14 10:58:34.164root 11241100x80000000000000002053332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.164{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b264e474d0a733652022-02-14 10:58:34.164root 11241100x80000000000000002053333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.164{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89ca46043b17801a2022-02-14 10:58:34.164root 11241100x80000000000000002053334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.164{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7325b1d970abca462022-02-14 10:58:34.164root 11241100x80000000000000002053335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.164{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08ac484c39f1f6d92022-02-14 10:58:34.164root 11241100x80000000000000002053336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.164{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4528bf788ea232a32022-02-14 10:58:34.164root 11241100x80000000000000002053337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.164{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05014cba5b5429c32022-02-14 10:58:34.164root 11241100x80000000000000002053338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.164{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.585778eafd05a21a2022-02-14 10:58:34.164root 11241100x80000000000000002053339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.164{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4f70c639c388d832022-02-14 10:58:34.164root 11241100x80000000000000002053340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.164{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12014c5fb3f54d2d2022-02-14 10:58:34.164root 354300x80000000000000002053341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.166{ec2ab09f-35da-620a-08ee-afee1c560000}2418/usr/bin/sudoubuntuudptruefalse127.0.0.1-56248-false127.0.0.53-53- 354300x80000000000000002053342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.167{ec2ab09f-0ffc-620a-c037-0e4f0a560000}763/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.20-55190-false10.0.0.2-53- 354300x80000000000000002053343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.167{ec2ab09f-0ffc-620a-c037-0e4f0a560000}763/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.20-43997-false10.0.0.2-53- 354300x80000000000000002053344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.186{ec2ab09f-0ffc-620a-c037-0e4f0a560000}763/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-56248- 354300x80000000000000002053345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.186{ec2ab09f-35da-620a-08ee-afee1c560000}2418/usr/bin/sudoubuntuudpfalsefalse127.0.0.53-53-false127.0.0.1-56248- 354300x80000000000000002053346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.193{ec2ab09f-35da-620a-08ee-afee1c560000}2418/usr/bin/sudoubuntuudptruefalse127.0.0.1-55613-false127.0.0.53-53- 354300x80000000000000002053347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.193{ec2ab09f-0ffc-620a-c037-0e4f0a560000}763/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-55613- 154100x80000000000000002053348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.196{ec2ab09f-35da-620a-600c-a21f47560000}2419/bin/dd-----dd of=/dev/zero if=/var/log/syslog count= iflag=count_bytes/home/ubunturoot{ec2ab09f-0000-0000-0000-000000000000}02no level-{ec2ab09f-35da-620a-08ee-afee1c560000}2418/usr/bin/sudosudoubuntu 534500x80000000000000002053349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.197{ec2ab09f-35da-620a-600c-a21f47560000}2419/bin/ddroot 534500x80000000000000002053350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.198{ec2ab09f-35da-620a-08ee-afee1c560000}2418/usr/bin/sudoroot 354300x80000000000000002053351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.213{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54732-false10.0.1.12-8000- 11241100x80000000000000002053352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d67fd604fcc0400e2022-02-14 10:58:34.431root 11241100x80000000000000002053353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b41a969d3d6ade182022-02-14 10:58:34.431root 11241100x80000000000000002053354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7af26a8d6bcf7ac2022-02-14 10:58:34.432root 11241100x80000000000000002053355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f3d95c6ffbc0b2c2022-02-14 10:58:34.432root 11241100x80000000000000002053356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acab0418dae2093b2022-02-14 10:58:34.432root 11241100x80000000000000002053357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc0975a5366913542022-02-14 10:58:34.432root 11241100x80000000000000002053358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6b8b88b68ead3802022-02-14 10:58:34.432root 11241100x80000000000000002053359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef4295b91e0faf902022-02-14 10:58:34.432root 11241100x80000000000000002053360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c513738bf505f102022-02-14 10:58:34.432root 11241100x80000000000000002053361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d1d2e00244fa8112022-02-14 10:58:34.433root 11241100x80000000000000002053362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.547bb56761af77f62022-02-14 10:58:34.433root 11241100x80000000000000002053363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5d245eb7b9865cd2022-02-14 10:58:34.433root 11241100x80000000000000002053364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96816f798edda3062022-02-14 10:58:34.433root 11241100x80000000000000002053365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c7e0e53a4a5a8852022-02-14 10:58:34.433root 11241100x80000000000000002053366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60d79ef0a3fa37382022-02-14 10:58:34.433root 11241100x80000000000000002053367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.043af6f1222db2312022-02-14 10:58:34.434root 11241100x80000000000000002053368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fd27702620742bb2022-02-14 10:58:34.434root 11241100x80000000000000002053369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb91eca976c1ecae2022-02-14 10:58:34.434root 11241100x80000000000000002053370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4947e1f13114057a2022-02-14 10:58:34.434root 11241100x80000000000000002053371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.349cf01373f96ed02022-02-14 10:58:34.434root 11241100x80000000000000002053372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.627f9e384f978a832022-02-14 10:58:34.434root 11241100x80000000000000002053373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.041e29eeed67279d2022-02-14 10:58:34.434root 11241100x80000000000000002053374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e0417395aa1f8072022-02-14 10:58:34.434root 11241100x80000000000000002053375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d4044c84773229a2022-02-14 10:58:34.435root 11241100x80000000000000002053376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1901bfa3a40253012022-02-14 10:58:34.437root 11241100x80000000000000002053377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.438{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7fecdbd7e3eeb602022-02-14 10:58:34.438root 11241100x80000000000000002053378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.438{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc5c02279f4cf0b42022-02-14 10:58:34.438root 11241100x80000000000000002053379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.438{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58f5fa2d873867c32022-02-14 10:58:34.438root 11241100x80000000000000002053380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.438{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3752c30ca27ca8742022-02-14 10:58:34.438root 11241100x80000000000000002053381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.438{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b31b6a056b5c21a2022-02-14 10:58:34.438root 11241100x80000000000000002053382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d68a7197e320183c2022-02-14 10:58:34.439root 11241100x80000000000000002053383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eea5a4fedf71d952022-02-14 10:58:34.439root 11241100x80000000000000002053384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73dc1957ffa778d72022-02-14 10:58:34.439root 11241100x80000000000000002053385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.954d2b6565619f132022-02-14 10:58:34.439root 11241100x80000000000000002053386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d4e8f8e6c072b632022-02-14 10:58:34.439root 11241100x80000000000000002053387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e13268c17ad449c02022-02-14 10:58:34.439root 11241100x80000000000000002053388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.035364c067b5e1a92022-02-14 10:58:34.439root 11241100x80000000000000002053389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f269c439d985d1d42022-02-14 10:58:34.439root 11241100x80000000000000002053390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.440{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff172b996cbcff102022-02-14 10:58:34.440root 11241100x80000000000000002053391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ada3100550f5c1dd2022-02-14 10:58:34.931root 11241100x80000000000000002053392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9b36ac67805693a2022-02-14 10:58:34.931root 11241100x80000000000000002053393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.674d438a0a96053c2022-02-14 10:58:34.932root 11241100x80000000000000002053394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3405cb6e3ca8e9562022-02-14 10:58:34.932root 11241100x80000000000000002053395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.734f75cca61256ff2022-02-14 10:58:34.932root 11241100x80000000000000002053396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea1e5c40db0293822022-02-14 10:58:34.932root 11241100x80000000000000002053397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3565c6eaa8218612022-02-14 10:58:34.932root 11241100x80000000000000002053398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.283a5a50f825e6612022-02-14 10:58:34.932root 11241100x80000000000000002053399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c219ff012da4fbb2022-02-14 10:58:34.932root 11241100x80000000000000002053400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56bf08ee134e33eb2022-02-14 10:58:34.932root 11241100x80000000000000002053401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a41168de231b8b1e2022-02-14 10:58:34.932root 11241100x80000000000000002053402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96a0b4ed3de508002022-02-14 10:58:34.932root 11241100x80000000000000002053403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6322800f19fe58912022-02-14 10:58:34.932root 11241100x80000000000000002053404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c3cdf4950e0907f2022-02-14 10:58:34.932root 11241100x80000000000000002053405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.951ddebd9b66f04f2022-02-14 10:58:34.933root 11241100x80000000000000002053406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fcb86b96bdf2c262022-02-14 10:58:34.933root 11241100x80000000000000002053407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b5ebea1d2f8f21e2022-02-14 10:58:34.933root 11241100x80000000000000002053408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd2836b5e45fa87a2022-02-14 10:58:34.933root 11241100x80000000000000002053409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cdf55e1516c50122022-02-14 10:58:34.934root 11241100x80000000000000002053410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a79e2906608c1b62022-02-14 10:58:34.934root 11241100x80000000000000002053411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53d5a8140c2340c32022-02-14 10:58:34.934root 11241100x80000000000000002053412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb4e3a6c1a1663c12022-02-14 10:58:34.934root 11241100x80000000000000002053413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b6b9d26f9c854b32022-02-14 10:58:34.934root 11241100x80000000000000002053414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baf38efac581d86b2022-02-14 10:58:34.934root 11241100x80000000000000002053415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c21ee2a985b249402022-02-14 10:58:34.934root 11241100x80000000000000002053416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79defc04b509a1e02022-02-14 10:58:34.934root 11241100x80000000000000002053417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e61bf08396ca0d472022-02-14 10:58:34.934root 11241100x80000000000000002053418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.655751a40d9864192022-02-14 10:58:34.935root 11241100x80000000000000002053419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.593a036943d1f7692022-02-14 10:58:34.935root 11241100x80000000000000002053420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b86b0c7f4ae4d3662022-02-14 10:58:34.935root 11241100x80000000000000002053421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66961fba494eda192022-02-14 10:58:34.936root 11241100x80000000000000002053422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5374d47a46fdc8b72022-02-14 10:58:34.936root 11241100x80000000000000002053423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0a772c4680e3b352022-02-14 10:58:34.936root 11241100x80000000000000002053424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a921f87df83a5c692022-02-14 10:58:34.936root 11241100x80000000000000002053425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55c3ef4facbccc7b2022-02-14 10:58:34.936root 11241100x80000000000000002053426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0e0eeae754bb1432022-02-14 10:58:34.936root 11241100x80000000000000002053427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca5b58a706719b772022-02-14 10:58:34.936root 11241100x80000000000000002053428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdc09afc953618872022-02-14 10:58:34.936root 11241100x80000000000000002053429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:34.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c81a722243bfbde2022-02-14 10:58:34.936root 11241100x80000000000000002053430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:35.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c72a7c6b534f4d362022-02-14 10:58:35.432root 11241100x80000000000000002053431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:35.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23c0f193f0daf87b2022-02-14 10:58:35.433root 11241100x80000000000000002053432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:35.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.261425fa9fa56d572022-02-14 10:58:35.433root 11241100x80000000000000002053433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:35.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17519afd93ef9d5a2022-02-14 10:58:35.433root 11241100x80000000000000002053434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:35.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fbd2a04e8d096152022-02-14 10:58:35.433root 11241100x80000000000000002053435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:35.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62400eec6a44387e2022-02-14 10:58:35.433root 11241100x80000000000000002053436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:35.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0ec261c41b5b1f72022-02-14 10:58:35.433root 11241100x80000000000000002053437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:35.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5423208dc428cf212022-02-14 10:58:35.433root 11241100x80000000000000002053438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:35.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9623f9ac6a5ba2ef2022-02-14 10:58:35.433root 11241100x80000000000000002053439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:35.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01b2340eca3d8f712022-02-14 10:58:35.433root 11241100x80000000000000002053440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:35.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77a1ad95c8199eba2022-02-14 10:58:35.433root 11241100x80000000000000002053441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:35.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e3765f57da3eba02022-02-14 10:58:35.435root 11241100x80000000000000002053442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:35.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f62ff2bdfab22d682022-02-14 10:58:35.435root 11241100x80000000000000002053443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:35.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.355fb7afe9f64c1d2022-02-14 10:58:35.435root 11241100x80000000000000002053444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:35.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f35f488a4e5ddc042022-02-14 10:58:35.435root 11241100x80000000000000002053445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:35.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f6dbbafee8ec8082022-02-14 10:58:35.435root 11241100x80000000000000002053446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:35.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.368dc26aa7bf55302022-02-14 10:58:35.435root 11241100x80000000000000002053447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:35.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4773ea698beafa772022-02-14 10:58:35.435root 11241100x80000000000000002053448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:35.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6780371df092b3de2022-02-14 10:58:35.436root 11241100x80000000000000002053449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:35.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42f37265c85339712022-02-14 10:58:35.436root 11241100x80000000000000002053450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:35.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bbd3318f50c3c902022-02-14 10:58:35.436root 11241100x80000000000000002053451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:35.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8398546fe9170fc22022-02-14 10:58:35.436root 11241100x80000000000000002053452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:35.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d8d59d046a1fea02022-02-14 10:58:35.436root 11241100x80000000000000002053453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:35.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c77cbdb1c60717212022-02-14 10:58:35.436root 11241100x80000000000000002053454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:35.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdb7e5ba773ec93b2022-02-14 10:58:35.436root 11241100x80000000000000002053455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:35.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf0538551b8220042022-02-14 10:58:35.436root 11241100x80000000000000002053456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:35.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc97aff58fdf0b362022-02-14 10:58:35.436root 11241100x80000000000000002053457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:35.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ec23e5c465da3d62022-02-14 10:58:35.436root 11241100x80000000000000002053458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:35.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46a32a25d346e8ab2022-02-14 10:58:35.436root 11241100x80000000000000002053459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:35.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5af4e9e3983071872022-02-14 10:58:35.436root 11241100x80000000000000002053460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:35.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36ff71c694de3b252022-02-14 10:58:35.436root 11241100x80000000000000002053461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:35.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b6b9ab2932428cd2022-02-14 10:58:35.437root 11241100x80000000000000002053462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:35.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d68cd913dcbd6be2022-02-14 10:58:35.437root 11241100x80000000000000002053463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:35.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8935bf216fce8592022-02-14 10:58:35.437root 11241100x80000000000000002053464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:35.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9f884886a683b782022-02-14 10:58:35.437root 11241100x80000000000000002053465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:35.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14af1da85dffa7432022-02-14 10:58:35.437root 11241100x80000000000000002053466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:35.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.910701b23ec02f812022-02-14 10:58:35.437root 11241100x80000000000000002053467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:35.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d21d6dc5ccea9b62022-02-14 10:58:35.437root 11241100x80000000000000002053468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:35.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93e129cea55b0ab72022-02-14 10:58:35.437root 11241100x80000000000000002053469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:35.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1ee52331547d3c32022-02-14 10:58:35.931root 11241100x80000000000000002053470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:35.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ad92df344d11ab02022-02-14 10:58:35.932root 11241100x80000000000000002053471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:35.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b33b9c84985e8af2022-02-14 10:58:35.932root 11241100x80000000000000002053472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:35.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.016b1dc8d67137502022-02-14 10:58:35.932root 11241100x80000000000000002053473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:35.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d56dd61d61e36efe2022-02-14 10:58:35.932root 11241100x80000000000000002053474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:35.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e826bd5d8e28a3c2022-02-14 10:58:35.932root 11241100x80000000000000002053475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:35.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a59b541905c4c7992022-02-14 10:58:35.932root 11241100x80000000000000002053476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:35.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce092facb01546bb2022-02-14 10:58:35.932root 11241100x80000000000000002053477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:35.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12730fee28e76f002022-02-14 10:58:35.932root 11241100x80000000000000002053478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:35.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8bfdad32934e2932022-02-14 10:58:35.932root 11241100x80000000000000002053479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:35.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c9435952ffadc232022-02-14 10:58:35.932root 11241100x80000000000000002053480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:35.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d66f2dc3a22c7622022-02-14 10:58:35.932root 11241100x80000000000000002053481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:35.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fe7fc477664ddc42022-02-14 10:58:35.932root 11241100x80000000000000002053482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:35.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a17aa43a0a076fa12022-02-14 10:58:35.932root 11241100x80000000000000002053483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:35.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b536917d99cd1bbb2022-02-14 10:58:35.933root 11241100x80000000000000002053484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:35.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c1eb99448375af12022-02-14 10:58:35.933root 11241100x80000000000000002053485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:35.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c575715c4d0c70f2022-02-14 10:58:35.933root 11241100x80000000000000002053486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:35.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f0a848eae9cbbff2022-02-14 10:58:35.933root 11241100x80000000000000002053487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:35.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8406b111384fa2d2022-02-14 10:58:35.933root 11241100x80000000000000002053488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:35.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa9cb34e66b5428a2022-02-14 10:58:35.933root 11241100x80000000000000002053489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:35.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.545ff28de019e1532022-02-14 10:58:35.933root 11241100x80000000000000002053490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:35.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9e071db23a72b4c2022-02-14 10:58:35.933root 11241100x80000000000000002053491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:35.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a06cf5de44a0f892022-02-14 10:58:35.933root 11241100x80000000000000002053492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:35.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0f5617076216ebf2022-02-14 10:58:35.933root 11241100x80000000000000002053493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:35.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.596b72b7e8b1ceb72022-02-14 10:58:35.933root 11241100x80000000000000002053494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:35.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec891133e93463c92022-02-14 10:58:35.933root 11241100x80000000000000002053495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:35.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e946a5bdaff07922022-02-14 10:58:35.935root 11241100x80000000000000002053496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:35.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7b7cd64b15c39832022-02-14 10:58:35.935root 11241100x80000000000000002053497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:35.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71c4d9e1085be3a22022-02-14 10:58:35.935root 11241100x80000000000000002053498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:35.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f0a43e7299a462e2022-02-14 10:58:35.935root 11241100x80000000000000002053499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:35.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5884ead451067eb12022-02-14 10:58:35.935root 11241100x80000000000000002053500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:35.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be17bcd74da3ebae2022-02-14 10:58:35.935root 11241100x80000000000000002053501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:35.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10fe4393ea3856ab2022-02-14 10:58:35.935root 11241100x80000000000000002053502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:35.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b93a4269cbd756db2022-02-14 10:58:35.936root 11241100x80000000000000002053503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:35.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.164e9dc844830bbe2022-02-14 10:58:35.936root 11241100x80000000000000002053504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:35.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65fdf107e966aa822022-02-14 10:58:35.936root 11241100x80000000000000002053505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:35.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fde438c2a0c03d9a2022-02-14 10:58:35.936root 11241100x80000000000000002053506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:35.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af5756823df377542022-02-14 10:58:35.936root 11241100x80000000000000002053507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:35.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffe6020e28a3288e2022-02-14 10:58:35.936root 11241100x80000000000000002053508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:36.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eba8f3fe330e26142022-02-14 10:58:36.431root 11241100x80000000000000002053509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:36.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97e27be6d427e05e2022-02-14 10:58:36.431root 11241100x80000000000000002053510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:36.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c54a7a42659d4a992022-02-14 10:58:36.431root 11241100x80000000000000002053511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:36.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f06c54cc04116442022-02-14 10:58:36.431root 11241100x80000000000000002053512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:36.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a010c43cada4d5b2022-02-14 10:58:36.431root 11241100x80000000000000002053513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:36.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3070d9d5c7a84fd82022-02-14 10:58:36.431root 11241100x80000000000000002053514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:36.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e73dd72d7be775ce2022-02-14 10:58:36.431root 11241100x80000000000000002053515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:36.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.684a265b5b6b49412022-02-14 10:58:36.432root 11241100x80000000000000002053516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:36.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8e0ced3cb2349a22022-02-14 10:58:36.432root 11241100x80000000000000002053517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:36.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93eb771635820bce2022-02-14 10:58:36.432root 11241100x80000000000000002053518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:36.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c995aa605b1711082022-02-14 10:58:36.432root 11241100x80000000000000002053519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:36.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d38ffc74992c1baf2022-02-14 10:58:36.432root 11241100x80000000000000002053520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:36.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60c56eeb2ffa3f5a2022-02-14 10:58:36.432root 11241100x80000000000000002053521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:36.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31b21e115d1aec0a2022-02-14 10:58:36.432root 11241100x80000000000000002053522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:36.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76e23e67734a8ff22022-02-14 10:58:36.432root 11241100x80000000000000002053523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:36.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3bdf81665db0b2d2022-02-14 10:58:36.432root 11241100x80000000000000002053524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:36.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf0b33f3c15ca5472022-02-14 10:58:36.432root 11241100x80000000000000002053525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:36.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9c9d0484f3839342022-02-14 10:58:36.432root 11241100x80000000000000002053526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:36.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.859fc1a97a06e3ad2022-02-14 10:58:36.432root 11241100x80000000000000002053527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:36.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df1fe9106630479c2022-02-14 10:58:36.432root 11241100x80000000000000002053528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:36.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55f0a85a04b2c1352022-02-14 10:58:36.432root 11241100x80000000000000002053529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:36.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8b9cbd899b2bc102022-02-14 10:58:36.432root 11241100x80000000000000002053530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:36.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbb0f40eb1525eda2022-02-14 10:58:36.433root 11241100x80000000000000002053531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:36.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ee991a0c5209b242022-02-14 10:58:36.433root 11241100x80000000000000002053532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:36.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.993aca6c9705be9b2022-02-14 10:58:36.433root 11241100x80000000000000002053533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:36.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3266af5c3e0757602022-02-14 10:58:36.433root 11241100x80000000000000002053534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:36.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.988ecc5a05e8c7e02022-02-14 10:58:36.433root 11241100x80000000000000002053535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:36.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dddadcfd6160c4602022-02-14 10:58:36.433root 11241100x80000000000000002053536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:36.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d917a12ba7c51192022-02-14 10:58:36.433root 11241100x80000000000000002053537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:36.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5033db53b0e078f2022-02-14 10:58:36.433root 11241100x80000000000000002053538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:36.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02c4524bce1e42972022-02-14 10:58:36.433root 11241100x80000000000000002053539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:36.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.149ba3823ca85d822022-02-14 10:58:36.433root 11241100x80000000000000002053540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:36.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.188f83a7032d51412022-02-14 10:58:36.433root 11241100x80000000000000002053541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:36.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edcb4bc30a447e702022-02-14 10:58:36.434root 11241100x80000000000000002053542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:36.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e830260ffc0c76102022-02-14 10:58:36.434root 11241100x80000000000000002053543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:36.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af575f098dad03a02022-02-14 10:58:36.434root 11241100x80000000000000002053544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:36.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d42529b02ea04bc02022-02-14 10:58:36.434root 11241100x80000000000000002053545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:36.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f776425ce5a54c802022-02-14 10:58:36.434root 11241100x80000000000000002053546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:36.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec245125eaf1c9df2022-02-14 10:58:36.435root 11241100x80000000000000002053547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:36.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d171d0672012a5d2022-02-14 10:58:36.931root 11241100x80000000000000002053548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:36.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce53f160ed6e1e0d2022-02-14 10:58:36.931root 11241100x80000000000000002053549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:36.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81a64c68356938182022-02-14 10:58:36.932root 11241100x80000000000000002053550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:36.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a3f748911f5c1da2022-02-14 10:58:36.932root 11241100x80000000000000002053551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:36.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41931b52546cb17b2022-02-14 10:58:36.932root 11241100x80000000000000002053552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:36.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.271e713d8308c0c42022-02-14 10:58:36.932root 11241100x80000000000000002053553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:36.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cedcfb2da18867e02022-02-14 10:58:36.932root 11241100x80000000000000002053554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:36.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b6f0113cd75c0452022-02-14 10:58:36.933root 11241100x80000000000000002053555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:36.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4042434d16c7a5042022-02-14 10:58:36.933root 11241100x80000000000000002053556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:36.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5870381a43e4c0d2022-02-14 10:58:36.933root 11241100x80000000000000002053557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:36.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1040d0d9a01622c2022-02-14 10:58:36.933root 11241100x80000000000000002053558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:36.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25587b7d127094742022-02-14 10:58:36.933root 11241100x80000000000000002053559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:36.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66ccb16dfca117c92022-02-14 10:58:36.934root 11241100x80000000000000002053560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:36.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17bf6809cef7fec92022-02-14 10:58:36.934root 11241100x80000000000000002053561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:36.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.993768534f97d9fd2022-02-14 10:58:36.934root 11241100x80000000000000002053562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:36.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d04e9d482cb554c02022-02-14 10:58:36.934root 11241100x80000000000000002053563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:36.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2df73cd5edeb5322022-02-14 10:58:36.934root 11241100x80000000000000002053564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:36.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3717c5dddd0334512022-02-14 10:58:36.934root 11241100x80000000000000002053565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:36.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45009ff6cc840fbf2022-02-14 10:58:36.934root 11241100x80000000000000002053566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:36.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.964564bfcde02e282022-02-14 10:58:36.934root 11241100x80000000000000002053567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:36.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.719ff7a123ab83052022-02-14 10:58:36.935root 11241100x80000000000000002053568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:36.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2096c10e35e1deeb2022-02-14 10:58:36.935root 11241100x80000000000000002053569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:36.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e14c69c6f9968062022-02-14 10:58:36.935root 11241100x80000000000000002053570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:36.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c991d1b229369c4c2022-02-14 10:58:36.935root 11241100x80000000000000002053571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:36.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5334f0d2ef0239de2022-02-14 10:58:36.935root 11241100x80000000000000002053572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:36.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a36772cb1eb54a02022-02-14 10:58:36.935root 11241100x80000000000000002053573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:36.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf57d787f7d6d7a52022-02-14 10:58:36.935root 11241100x80000000000000002053574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:36.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74a402d2d470524f2022-02-14 10:58:36.935root 11241100x80000000000000002053575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:36.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e19014697648f1c2022-02-14 10:58:36.935root 11241100x80000000000000002053576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:36.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d2e56669d27cda22022-02-14 10:58:36.935root 11241100x80000000000000002053577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:36.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24d474c72d05e05e2022-02-14 10:58:36.935root 11241100x80000000000000002053578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:36.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.223627645d7572152022-02-14 10:58:36.935root 11241100x80000000000000002053579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:36.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb3d2b70791631232022-02-14 10:58:36.935root 11241100x80000000000000002053580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:36.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88b90fca34d274bc2022-02-14 10:58:36.935root 11241100x80000000000000002053581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:36.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.897034d79bf924402022-02-14 10:58:36.935root 11241100x80000000000000002053582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:36.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a907bc68a03a09ab2022-02-14 10:58:36.936root 11241100x80000000000000002053583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:36.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b095137a9c642a92022-02-14 10:58:36.936root 11241100x80000000000000002053584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:36.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc6a98bdf36b1f542022-02-14 10:58:36.936root 11241100x80000000000000002053585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:36.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a94555c1e6c9be8c2022-02-14 10:58:36.936root 11241100x80000000000000002053586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:37.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3a323e9efbed3ce2022-02-14 10:58:37.432root 11241100x80000000000000002053587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:37.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90075bd7cacd326c2022-02-14 10:58:37.432root 11241100x80000000000000002053588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:37.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27b2e092f30e6fff2022-02-14 10:58:37.432root 11241100x80000000000000002053589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:37.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.806a74117f3797e72022-02-14 10:58:37.432root 11241100x80000000000000002053590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:37.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9b581a7628046212022-02-14 10:58:37.432root 11241100x80000000000000002053591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:37.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed9daaf64e2bec152022-02-14 10:58:37.432root 11241100x80000000000000002053592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:37.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6070ff8fa32c00312022-02-14 10:58:37.432root 11241100x80000000000000002053593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:37.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d0517772130ab8c2022-02-14 10:58:37.432root 11241100x80000000000000002053594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:37.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39e81a76a305b15e2022-02-14 10:58:37.433root 11241100x80000000000000002053595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:37.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20287ccf4e996b042022-02-14 10:58:37.433root 11241100x80000000000000002053596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:37.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.671a4f3d821c6c4c2022-02-14 10:58:37.433root 11241100x80000000000000002053597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:37.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1ccbb2b80ac249d2022-02-14 10:58:37.433root 11241100x80000000000000002053598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:37.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.790bd628215b65892022-02-14 10:58:37.433root 11241100x80000000000000002053599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:37.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7c34a3c72a44f332022-02-14 10:58:37.433root 11241100x80000000000000002053600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:37.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0e36f6f7cb04c3a2022-02-14 10:58:37.434root 11241100x80000000000000002053601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:37.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5105be408c7a86472022-02-14 10:58:37.434root 11241100x80000000000000002053602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:37.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.400b00ef121405882022-02-14 10:58:37.434root 11241100x80000000000000002053603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:37.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bad4dd37bc0b5dc2022-02-14 10:58:37.434root 11241100x80000000000000002053604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:37.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41b856ace5b789c92022-02-14 10:58:37.434root 11241100x80000000000000002053605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:37.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0b203c40abab8222022-02-14 10:58:37.434root 11241100x80000000000000002053606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:37.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0453d057640798842022-02-14 10:58:37.434root 11241100x80000000000000002053607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:37.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18808cfca7a02db22022-02-14 10:58:37.434root 11241100x80000000000000002053608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:37.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.814ae5e8ad1ec3932022-02-14 10:58:37.434root 11241100x80000000000000002053609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:37.438{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf7189c856e6c1262022-02-14 10:58:37.438root 11241100x80000000000000002053610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:37.438{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0b303ff67f7890d2022-02-14 10:58:37.438root 11241100x80000000000000002053611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:37.438{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b774516a0c48a3162022-02-14 10:58:37.438root 11241100x80000000000000002053612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:37.438{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b318524ae79687c12022-02-14 10:58:37.438root 11241100x80000000000000002053613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:37.438{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba95d285feafa0ca2022-02-14 10:58:37.438root 11241100x80000000000000002053614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:37.438{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b739892dc4acaa222022-02-14 10:58:37.438root 11241100x80000000000000002053615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:37.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dee8daaeeaeff5db2022-02-14 10:58:37.439root 11241100x80000000000000002053616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:37.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6ceb1a0f2820a6c2022-02-14 10:58:37.439root 11241100x80000000000000002053617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:37.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb809663e5ae32172022-02-14 10:58:37.439root 11241100x80000000000000002053618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:37.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.109af972a20fc9b32022-02-14 10:58:37.439root 11241100x80000000000000002053619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:37.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9e09b3f586c32fa2022-02-14 10:58:37.439root 11241100x80000000000000002053620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:37.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c408af3f50fd478f2022-02-14 10:58:37.439root 11241100x80000000000000002053621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:37.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.268982d880986ec32022-02-14 10:58:37.439root 11241100x80000000000000002053622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:37.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02f9dfc6f754ed4b2022-02-14 10:58:37.439root 11241100x80000000000000002053623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:37.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.142ec18687e05ddb2022-02-14 10:58:37.439root 11241100x80000000000000002053624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:37.440{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62055ee861d389842022-02-14 10:58:37.440root 11241100x80000000000000002053625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:37.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c55436663e73e0952022-02-14 10:58:37.931root 11241100x80000000000000002053626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:37.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ede4190ea2a2b60d2022-02-14 10:58:37.932root 11241100x80000000000000002053627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:37.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eeee708300e1fc62022-02-14 10:58:37.932root 11241100x80000000000000002053628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:37.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55562a0829d631d72022-02-14 10:58:37.932root 11241100x80000000000000002053629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:37.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb1d840ba346f3f52022-02-14 10:58:37.932root 11241100x80000000000000002053630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:37.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aff83719d146b6d22022-02-14 10:58:37.932root 11241100x80000000000000002053631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:37.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c716b5e6ae4ebc222022-02-14 10:58:37.932root 11241100x80000000000000002053632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:37.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c1b9eab4594a7842022-02-14 10:58:37.933root 11241100x80000000000000002053633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:37.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c55fbee5ad6eae62022-02-14 10:58:37.933root 11241100x80000000000000002053634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:37.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0f6fb6d7b231fca2022-02-14 10:58:37.933root 11241100x80000000000000002053635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:37.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ca717d782396e822022-02-14 10:58:37.933root 11241100x80000000000000002053636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:37.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ee867affb9807a82022-02-14 10:58:37.933root 11241100x80000000000000002053637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:37.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01d4d958e34f5b142022-02-14 10:58:37.933root 11241100x80000000000000002053638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:37.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dda2553635dd951c2022-02-14 10:58:37.933root 11241100x80000000000000002053639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:37.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.099e6c23c0db72202022-02-14 10:58:37.935root 11241100x80000000000000002053640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:37.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe8ded9a7ef954fd2022-02-14 10:58:37.935root 11241100x80000000000000002053641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:37.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.349056cc68cf74302022-02-14 10:58:37.935root 23542300x80000000000000002053690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:45.886{ec2ab09f-1002-620a-3078-922c7d550000}1328root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x80000000000000002053691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:46.179{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b03f849f412a2d42022-02-14 10:58:46.179root 11241100x80000000000000002053692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:46.679{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aabb8a719bd65a4e2022-02-14 10:58:46.679root 11241100x80000000000000002053693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:47.179{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09c51a2ebbf3a3df2022-02-14 10:58:47.179root 11241100x80000000000000002053694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:47.679{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f42ff524b01638d2022-02-14 10:58:47.679root 154100x80000000000000002053695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:48.094{ec2ab09f-35e8-620a-68d4-b45a60550000}2424/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2ab09f-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}871--- 11241100x80000000000000002053696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:48.095{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c0cde1291849c3a2022-02-14 10:58:48.095root 11241100x80000000000000002053697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:48.095{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09a7d1ca72da33242022-02-14 10:58:48.095root 534500x80000000000000002053698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:48.116{ec2ab09f-35e8-620a-68d4-b45a60550000}2424/bin/psroot 11241100x80000000000000002053699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:48.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15435c8765f526f82022-02-14 10:58:48.430root 11241100x80000000000000002053700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:48.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d8442e55242b9462022-02-14 10:58:48.430root 11241100x80000000000000002053701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:48.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecfe10f6052d6a532022-02-14 10:58:48.430root 11241100x80000000000000002053702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:48.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aec901783f0957172022-02-14 10:58:48.930root 11241100x80000000000000002053703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:48.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6676f66f85a80c32022-02-14 10:58:48.930root 11241100x80000000000000002053704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:48.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8a3dc2676ec2a8c2022-02-14 10:58:48.930root 11241100x80000000000000002053705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:49.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.636a41a1dfdddbf52022-02-14 10:58:49.430root 11241100x80000000000000002053706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:49.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6c3a3cbfb7f0c512022-02-14 10:58:49.430root 11241100x80000000000000002053707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:49.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97155b0b2a8ca1152022-02-14 10:58:49.430root 11241100x80000000000000002053708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:49.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46a0503c48f7acd92022-02-14 10:58:49.930root 11241100x80000000000000002053709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:49.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b25a609499681572022-02-14 10:58:49.930root 11241100x80000000000000002053710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:49.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dda5f558d58ca0862022-02-14 10:58:49.930root 11241100x80000000000000002053711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:50.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.620cc439057350f82022-02-14 10:58:50.430root 11241100x80000000000000002053712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:50.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b6539a8105fcfa42022-02-14 10:58:50.430root 11241100x80000000000000002053713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:50.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11e9b63b7e20ea2b2022-02-14 10:58:50.430root 11241100x80000000000000002053714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:50.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f5dad7ddeee0cb72022-02-14 10:58:50.930root 11241100x80000000000000002053715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:50.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9d9be958d8b7e472022-02-14 10:58:50.930root 11241100x80000000000000002053716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:50.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85ab29f20713eab62022-02-14 10:58:50.930root 354300x80000000000000002053717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:51.045{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54738-false10.0.1.12-8000- 11241100x80000000000000002053718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:51.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.674d55db325100592022-02-14 10:58:51.430root 11241100x80000000000000002053719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:51.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19df4c1f0c9a195b2022-02-14 10:58:51.431root 11241100x80000000000000002053720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:51.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7334a43581080a92022-02-14 10:58:51.431root 11241100x80000000000000002053721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:51.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7fda86431feeaa52022-02-14 10:58:51.431root 11241100x80000000000000002053722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:51.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd786e03f63660a62022-02-14 10:58:51.930root 11241100x80000000000000002053723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:51.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.509ec1dfdbbbab9e2022-02-14 10:58:51.930root 11241100x80000000000000002053724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:51.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b299f67249ec8ac22022-02-14 10:58:51.930root 11241100x80000000000000002053725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:51.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5bd440326152f372022-02-14 10:58:51.930root 534500x80000000000000002053726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:52.349{ec2ab09f-35e5-620a-609c-a8bd01560000}2423/bin/ddubuntu 11241100x80000000000000002053727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:52.350{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e070edb8d2b3b00f2022-02-14 10:58:52.350root 11241100x80000000000000002053728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:52.350{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff89ac387706323f2022-02-14 10:58:52.350root 11241100x80000000000000002053729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:52.350{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acaada1aca30b96b2022-02-14 10:58:52.350root 11241100x80000000000000002053730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:52.350{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a92e568aed348f5f2022-02-14 10:58:52.350root 11241100x80000000000000002053731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:52.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7698c0186941ba352022-02-14 10:58:52.680root 11241100x80000000000000002053732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:52.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5fae012f4ac04382022-02-14 10:58:52.680root 11241100x80000000000000002053733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:52.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1462d3c22dfb9922022-02-14 10:58:52.680root 11241100x80000000000000002053734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:52.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0508782788772b962022-02-14 10:58:52.680root 11241100x80000000000000002053735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:52.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a39e283989f7bf82022-02-14 10:58:52.680root 11241100x80000000000000002053736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:53.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0a732f5d4498e1f2022-02-14 10:58:53.180root 11241100x80000000000000002053737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:53.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.929ae9c6a89b6abe2022-02-14 10:58:53.180root 11241100x80000000000000002053738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:53.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84a43f4a3c8fb7412022-02-14 10:58:53.180root 11241100x80000000000000002053739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:53.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c49451f7c7b8e632022-02-14 10:58:53.180root 11241100x80000000000000002053740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:53.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bda4b5bc897319f82022-02-14 10:58:53.180root 11241100x80000000000000002053741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:53.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5971ce39cf3fdb202022-02-14 10:58:53.680root 11241100x80000000000000002053742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:53.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e45506f0f31bee62022-02-14 10:58:53.680root 11241100x80000000000000002053743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:53.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3801412ef1efa25f2022-02-14 10:58:53.680root 11241100x80000000000000002053744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:53.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c852408d171aed52022-02-14 10:58:53.680root 11241100x80000000000000002053745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:53.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd6a63d7875a6b152022-02-14 10:58:53.680root 11241100x80000000000000002053746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:54.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.265b4454dc9a38232022-02-14 10:58:54.180root 11241100x80000000000000002053747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:54.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98616b988d3b3d9a2022-02-14 10:58:54.180root 11241100x80000000000000002053748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:54.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a9bc51a654a93b52022-02-14 10:58:54.180root 11241100x80000000000000002053749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:54.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44757097003f6b4a2022-02-14 10:58:54.180root 11241100x80000000000000002053750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:54.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f69c9863a982cd092022-02-14 10:58:54.180root 11241100x80000000000000002053751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:54.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a172eaf6a28a8d782022-02-14 10:58:54.680root 11241100x80000000000000002053752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:54.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de0fecdb4a788be42022-02-14 10:58:54.680root 11241100x80000000000000002053753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:54.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45383134a952fe002022-02-14 10:58:54.680root 11241100x80000000000000002053754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:54.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94235adf1efb73c12022-02-14 10:58:54.680root 11241100x80000000000000002053755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:54.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.711c027e1fc0d1d72022-02-14 10:58:54.680root 11241100x80000000000000002053756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:55.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81f12eaf26c0ea872022-02-14 10:58:55.180root 11241100x80000000000000002053757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:55.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7647d8ceed192f432022-02-14 10:58:55.180root 11241100x80000000000000002053758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:55.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16912f6b5e288a922022-02-14 10:58:55.180root 11241100x80000000000000002053759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:55.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.306c3c6e942e24342022-02-14 10:58:55.180root 11241100x80000000000000002053760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:55.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ec510b9d7f143602022-02-14 10:58:55.180root 11241100x80000000000000002053761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:55.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.566bd561ab7d9d8c2022-02-14 10:58:55.680root 11241100x80000000000000002053762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:55.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c05301491765656d2022-02-14 10:58:55.680root 11241100x80000000000000002053763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:55.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78ffa88a16cee5582022-02-14 10:58:55.680root 11241100x80000000000000002053764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:55.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eae79842be2d53d92022-02-14 10:58:55.680root 11241100x80000000000000002053765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:55.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06aad97fc1fe99182022-02-14 10:58:55.680root 11241100x80000000000000002053766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:56.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.274a4e6403f32dec2022-02-14 10:58:56.180root 11241100x80000000000000002053767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:56.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79856ae2f767bfca2022-02-14 10:58:56.180root 11241100x80000000000000002053768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:56.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.872ea541be9a8f562022-02-14 10:58:56.180root 11241100x80000000000000002053769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:56.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c1eff5927ecd6742022-02-14 10:58:56.180root 11241100x80000000000000002053770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:56.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ea107ff59e75ee22022-02-14 10:58:56.180root 354300x80000000000000002053771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:56.238{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54740-false10.0.1.12-8000- 11241100x80000000000000002053772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:56.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbb8362bb8f3e5902022-02-14 10:58:56.680root 11241100x80000000000000002053773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:56.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc2b16c0bb28ac3b2022-02-14 10:58:56.680root 11241100x80000000000000002053774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:56.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ffa958ac1231ec22022-02-14 10:58:56.680root 11241100x80000000000000002053775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:56.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10de4cf18a88dc802022-02-14 10:58:56.680root 11241100x80000000000000002053776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:56.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8022d86c83d8d39f2022-02-14 10:58:56.680root 11241100x80000000000000002053777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:56.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92708f5dae875e2c2022-02-14 10:58:56.680root 11241100x80000000000000002053778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:57.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fccd11849a7e72252022-02-14 10:58:57.180root 11241100x80000000000000002053779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:57.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c2d1a7e8e7877952022-02-14 10:58:57.180root 11241100x80000000000000002053780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:57.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.510e624e963542352022-02-14 10:58:57.180root 11241100x80000000000000002053781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:57.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aed0b4f8c132cc12022-02-14 10:58:57.180root 11241100x80000000000000002053782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:57.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0700747e1596ac82022-02-14 10:58:57.180root 11241100x80000000000000002053783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:57.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70a32b5a6b67f70a2022-02-14 10:58:57.180root 11241100x80000000000000002053784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:57.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd2c4943db0bebc72022-02-14 10:58:57.680root 11241100x80000000000000002053785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:57.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba6256eabfd306612022-02-14 10:58:57.680root 11241100x80000000000000002053786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:57.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76fa931ea4a2d6dc2022-02-14 10:58:57.680root 11241100x80000000000000002053787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:57.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c0985968a95192a2022-02-14 10:58:57.680root 11241100x80000000000000002053788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:57.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38c589236f88ef3b2022-02-14 10:58:57.680root 11241100x80000000000000002053789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:57.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3e6642d93a788c12022-02-14 10:58:57.680root 11241100x80000000000000002053790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:58.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6b3d3c9a50bce952022-02-14 10:58:58.180root 11241100x80000000000000002053791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:58.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e3351086dbeff712022-02-14 10:58:58.180root 11241100x80000000000000002053792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:58.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.320899d583da7c822022-02-14 10:58:58.180root 11241100x80000000000000002053793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:58.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1124ecd46198dcb52022-02-14 10:58:58.180root 11241100x80000000000000002053794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:58.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d537c155d1c1cb12022-02-14 10:58:58.180root 11241100x80000000000000002053795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:58.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77dc38ffcc66602e2022-02-14 10:58:58.180root 11241100x80000000000000002053796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:58.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c63dec8f92f2e9c2022-02-14 10:58:58.680root 11241100x80000000000000002053797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:58.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4f2c8b8673a2b332022-02-14 10:58:58.680root 11241100x80000000000000002053798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:58.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a62c09115a403902022-02-14 10:58:58.680root 11241100x80000000000000002053799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:58.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3d99cebc4d8e2522022-02-14 10:58:58.680root 11241100x80000000000000002053800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:58.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f96450b7cfc41042022-02-14 10:58:58.680root 11241100x80000000000000002053801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:58.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b505080cc0e33682022-02-14 10:58:58.680root 11241100x80000000000000002053802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:59.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35ed3d52b137e0152022-02-14 10:58:59.180root 11241100x80000000000000002053803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:59.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bd05040919679a22022-02-14 10:58:59.180root 11241100x80000000000000002053804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:59.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.495676c0213943fd2022-02-14 10:58:59.180root 11241100x80000000000000002053805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:59.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e2cbe16c9403f0d2022-02-14 10:58:59.180root 11241100x80000000000000002053806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:59.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4877718dc3f2c91a2022-02-14 10:58:59.180root 11241100x80000000000000002053807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:59.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.106eec14b08cf5882022-02-14 10:58:59.180root 11241100x80000000000000002053808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:59.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2c19cd5adf7bd172022-02-14 10:58:59.680root 11241100x80000000000000002053809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:59.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbd153f26aecf3922022-02-14 10:58:59.680root 11241100x80000000000000002053810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:59.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b9151bd739ae5a12022-02-14 10:58:59.680root 11241100x80000000000000002053811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:59.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cc50a2a6bf02f522022-02-14 10:58:59.680root 11241100x80000000000000002053812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:59.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cc60ade2d7d2c992022-02-14 10:58:59.680root 11241100x80000000000000002053813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:58:59.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eb212f7e24eadef2022-02-14 10:58:59.681root 11241100x80000000000000002053814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:00.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80b0b879f7b9f0fe2022-02-14 10:59:00.180root 11241100x80000000000000002053815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:00.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04a19f993913794d2022-02-14 10:59:00.180root 11241100x80000000000000002053816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:00.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30c28cff1f98324e2022-02-14 10:59:00.180root 11241100x80000000000000002053817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:00.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60d1a68e0f6061e52022-02-14 10:59:00.180root 11241100x80000000000000002053818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:00.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.754bd4724eced0512022-02-14 10:59:00.180root 11241100x80000000000000002053819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:00.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22cc456ea43575c82022-02-14 10:59:00.180root 11241100x80000000000000002053820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:00.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb1e80dfd5b890b62022-02-14 10:59:00.680root 11241100x80000000000000002053821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:00.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fcbaa3d705d8d572022-02-14 10:59:00.680root 11241100x80000000000000002053822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:00.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67768113e45005ad2022-02-14 10:59:00.680root 11241100x80000000000000002053823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:00.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.486635bb86fd09182022-02-14 10:59:00.680root 11241100x80000000000000002053824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:00.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16613eb30cbdfea72022-02-14 10:59:00.680root 11241100x80000000000000002053825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:00.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5812fbf24a370c9a2022-02-14 10:59:00.680root 11241100x80000000000000002053826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:01.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.508a2d6ada84eacf2022-02-14 10:59:01.180root 11241100x80000000000000002053827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:01.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0faf1edc2dc03e762022-02-14 10:59:01.180root 11241100x80000000000000002053828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:01.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.690684db34a59a122022-02-14 10:59:01.180root 11241100x80000000000000002053829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:01.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9f359b7a225d8b22022-02-14 10:59:01.180root 11241100x80000000000000002053830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:01.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6939fa1221efc8d2022-02-14 10:59:01.180root 11241100x80000000000000002053831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:01.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ba29ab40eb69fcc2022-02-14 10:59:01.180root 11241100x80000000000000002053832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:01.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f1a7c734e0a06e92022-02-14 10:59:01.680root 11241100x80000000000000002053833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:01.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cdcf72c91dbfe062022-02-14 10:59:01.680root 11241100x80000000000000002053834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:01.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d58f0d6f76bf8cf2022-02-14 10:59:01.680root 11241100x80000000000000002053835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:01.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cad92f3559571adb2022-02-14 10:59:01.680root 11241100x80000000000000002053836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:01.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bd439ee98efd7722022-02-14 10:59:01.680root 11241100x80000000000000002053837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:01.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d650b4280f15a452022-02-14 10:59:01.680root 354300x80000000000000002053838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:02.039{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54742-false10.0.1.12-8000- 11241100x80000000000000002053839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:02.040{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ebf176687871d452022-02-14 10:59:02.040root 11241100x80000000000000002053840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:02.040{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.031c0328af7c50752022-02-14 10:59:02.040root 11241100x80000000000000002053841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:02.040{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7af30c0359f7acf62022-02-14 10:59:02.040root 11241100x80000000000000002053842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:02.040{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f17096e0d7b762e2022-02-14 10:59:02.040root 11241100x80000000000000002053843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:02.041{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04d422bee8b668fe2022-02-14 10:59:02.041root 11241100x80000000000000002053844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:02.041{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5072d356f1106e622022-02-14 10:59:02.041root 11241100x80000000000000002053845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:02.041{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c45b31451e3e9672022-02-14 10:59:02.041root 11241100x80000000000000002053846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:02.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdc14e0fe0a6cd2e2022-02-14 10:59:02.430root 11241100x80000000000000002053847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:02.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa96adbda6522ea62022-02-14 10:59:02.430root 11241100x80000000000000002053848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:02.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5647ad601e9757ad2022-02-14 10:59:02.430root 11241100x80000000000000002053849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:02.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b75d30ef4354d4c2022-02-14 10:59:02.430root 11241100x80000000000000002053850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:02.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c194f399c2b5962d2022-02-14 10:59:02.430root 11241100x80000000000000002053851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:02.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e043843e8b0e2562022-02-14 10:59:02.430root 11241100x80000000000000002053852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:02.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35f95ff69232944e2022-02-14 10:59:02.431root 11241100x80000000000000002053853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:02.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dcace6b629a57012022-02-14 10:59:02.930root 11241100x80000000000000002053854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:02.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.732119f76b00e3422022-02-14 10:59:02.930root 11241100x80000000000000002053855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:02.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a50782afdad22082022-02-14 10:59:02.930root 11241100x80000000000000002053856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:02.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91e82ef86322a2872022-02-14 10:59:02.930root 11241100x80000000000000002053857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:02.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcd7414c3d0db3912022-02-14 10:59:02.930root 11241100x80000000000000002053858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:02.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b4063094b8204ac2022-02-14 10:59:02.930root 11241100x80000000000000002053859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:02.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12924451627117622022-02-14 10:59:02.930root 11241100x80000000000000002053860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:03.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.061e5acc9bb3e12f2022-02-14 10:59:03.430root 11241100x80000000000000002053861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:03.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc2b616b98bcaa262022-02-14 10:59:03.430root 11241100x80000000000000002053862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:03.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1826f1490f9765bb2022-02-14 10:59:03.430root 11241100x80000000000000002053863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:03.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.904c63f27ef81dbd2022-02-14 10:59:03.430root 11241100x80000000000000002053864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:03.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f458a6ff9ff51812022-02-14 10:59:03.430root 11241100x80000000000000002053865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:03.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60882bb38a2ec7a72022-02-14 10:59:03.430root 11241100x80000000000000002053866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:03.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd1e1fb21f8b3abf2022-02-14 10:59:03.430root 11241100x80000000000000002053867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:03.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cddd8c2f36aa7a0f2022-02-14 10:59:03.930root 11241100x80000000000000002053868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:03.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c0bd37075cc0af32022-02-14 10:59:03.930root 11241100x80000000000000002053869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:03.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eff1e4b67d12d292022-02-14 10:59:03.930root 11241100x80000000000000002053870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:03.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfdcc9a776ac135b2022-02-14 10:59:03.930root 11241100x80000000000000002053871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:03.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48b2752a88631fa92022-02-14 10:59:03.930root 11241100x80000000000000002053872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:03.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bc7ace5e16eb42b2022-02-14 10:59:03.930root 11241100x80000000000000002053873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:03.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.788524c211eae59b2022-02-14 10:59:03.931root 11241100x80000000000000002053874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:04.429{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dd27f2d2eeb3d3d2022-02-14 10:59:04.429root 11241100x80000000000000002053875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:04.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35d316fe80907ed32022-02-14 10:59:04.430root 11241100x80000000000000002053876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:04.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.072fd5816e567a1f2022-02-14 10:59:04.430root 11241100x80000000000000002053877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:04.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb40c171915e49212022-02-14 10:59:04.430root 11241100x80000000000000002053878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:04.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78bf508a21b563ff2022-02-14 10:59:04.430root 11241100x80000000000000002053879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:04.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15b0708c5e2b19252022-02-14 10:59:04.431root 11241100x80000000000000002053880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:04.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcbd03c7afca510b2022-02-14 10:59:04.431root 11241100x80000000000000002053881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:04.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbd74c8afff95e022022-02-14 10:59:04.930root 11241100x80000000000000002053882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:04.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a66996d1889992782022-02-14 10:59:04.930root 11241100x80000000000000002053883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:04.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56b4076a198fc09b2022-02-14 10:59:04.930root 11241100x80000000000000002053884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:04.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b88f3c8fede6f5452022-02-14 10:59:04.930root 11241100x80000000000000002053885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:04.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3f77ca986c4d2982022-02-14 10:59:04.930root 11241100x80000000000000002053886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:04.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5256f4256d4e48f32022-02-14 10:59:04.930root 11241100x80000000000000002053887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:04.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6f41818963c3f672022-02-14 10:59:04.930root 11241100x80000000000000002053888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:05.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a78a5c10de525a82022-02-14 10:59:05.430root 11241100x80000000000000002053889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:05.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.933bde7381a749032022-02-14 10:59:05.430root 11241100x80000000000000002053890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:05.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a9a61017a68dcfb2022-02-14 10:59:05.430root 11241100x80000000000000002053891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:05.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41f4e4c5d364e8fe2022-02-14 10:59:05.430root 11241100x80000000000000002053892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:05.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5305433ee4d6c422022-02-14 10:59:05.430root 11241100x80000000000000002053893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:05.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1d730b2a2be707e2022-02-14 10:59:05.430root 11241100x80000000000000002053894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:05.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45a655f7873812832022-02-14 10:59:05.430root 11241100x80000000000000002053895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:05.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f9fe45ea1f2888f2022-02-14 10:59:05.930root 11241100x80000000000000002053896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:05.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.036a4848c8d4efb82022-02-14 10:59:05.930root 11241100x80000000000000002053897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:05.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdfe6d7a50098ca72022-02-14 10:59:05.930root 11241100x80000000000000002053898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:05.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.010f061dbcfdfb682022-02-14 10:59:05.930root 11241100x80000000000000002053899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:05.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0338743eea50c8f52022-02-14 10:59:05.930root 11241100x80000000000000002053900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:05.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bb8bf8805a0a9de2022-02-14 10:59:05.930root 11241100x80000000000000002053901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:05.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.988964d9314034742022-02-14 10:59:05.930root 11241100x80000000000000002053902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:06.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d052adb84f11c102022-02-14 10:59:06.430root 11241100x80000000000000002053903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:06.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e9151ec70436ac52022-02-14 10:59:06.430root 11241100x80000000000000002053904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:06.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.555f3b12979b5b922022-02-14 10:59:06.430root 11241100x80000000000000002053905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:06.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe899cd087e4c3e72022-02-14 10:59:06.430root 11241100x80000000000000002053906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:06.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b74729365f013d292022-02-14 10:59:06.430root 11241100x80000000000000002053907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:06.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f7b8205530320092022-02-14 10:59:06.430root 11241100x80000000000000002053908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:06.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7219c327d538c5a22022-02-14 10:59:06.430root 11241100x80000000000000002053909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:06.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9352ee45502343d2022-02-14 10:59:06.930root 11241100x80000000000000002053910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:06.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec379bda5a8ed0c12022-02-14 10:59:06.930root 11241100x80000000000000002053911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:06.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ed9299c97ab0db22022-02-14 10:59:06.930root 11241100x80000000000000002053912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:06.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4812e8d0791c573a2022-02-14 10:59:06.930root 11241100x80000000000000002053913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:06.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1ad9f51c8d0e7a32022-02-14 10:59:06.930root 11241100x80000000000000002053914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:06.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8c84a0d781444e12022-02-14 10:59:06.930root 11241100x80000000000000002053915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:06.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1804ea5bf5229c12022-02-14 10:59:06.930root 354300x80000000000000002053916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:07.074{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54744-false10.0.1.12-8000- 11241100x80000000000000002053917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:07.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.904dc9b6441bc79c2022-02-14 10:59:07.430root 11241100x80000000000000002053918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:07.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e7c14da5428d6892022-02-14 10:59:07.430root 11241100x80000000000000002053919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:07.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a53f128a54ce21f02022-02-14 10:59:07.430root 11241100x80000000000000002053920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:07.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3f1f003d4d3d6872022-02-14 10:59:07.430root 11241100x80000000000000002053921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:07.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14c85210c0519e442022-02-14 10:59:07.430root 11241100x80000000000000002053922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:07.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca1c9eebd559b3032022-02-14 10:59:07.430root 11241100x80000000000000002053923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:07.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1a225a67a03a16d2022-02-14 10:59:07.431root 11241100x80000000000000002053924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:07.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3face8a1f754f3a2022-02-14 10:59:07.431root 11241100x80000000000000002053925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:07.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b1896d83a2803d12022-02-14 10:59:07.930root 11241100x80000000000000002053926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:07.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f94b74571e726bf52022-02-14 10:59:07.930root 11241100x80000000000000002053927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:07.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97c8f1c8ba15f73b2022-02-14 10:59:07.930root 11241100x80000000000000002053928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:07.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a015a27525009a882022-02-14 10:59:07.930root 11241100x80000000000000002053929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:07.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae43c25cc488fa372022-02-14 10:59:07.930root 11241100x80000000000000002053930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:07.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7375d4f5d178444b2022-02-14 10:59:07.930root 11241100x80000000000000002053931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:07.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edb03be9f21280c62022-02-14 10:59:07.930root 11241100x80000000000000002053932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:07.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8b39293e7a7a5d12022-02-14 10:59:07.931root 11241100x80000000000000002053933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:08.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae3ff8dbd0dc69702022-02-14 10:59:08.430root 11241100x80000000000000002053934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:08.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b27d03a28113b95c2022-02-14 10:59:08.430root 11241100x80000000000000002053935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:08.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.615c793ed35152f42022-02-14 10:59:08.430root 11241100x80000000000000002053936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:08.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcd8abce5ab898c12022-02-14 10:59:08.430root 11241100x80000000000000002053937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:08.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.905baf1667a34b742022-02-14 10:59:08.430root 11241100x80000000000000002053938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:08.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dabe91f455eba05d2022-02-14 10:59:08.430root 11241100x80000000000000002053939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:08.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c8c2bffc604bcaa2022-02-14 10:59:08.430root 11241100x80000000000000002053940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:08.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ab7b7dd38fc551d2022-02-14 10:59:08.430root 11241100x80000000000000002053941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:08.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57679859a5bb1f8f2022-02-14 10:59:08.930root 11241100x80000000000000002053942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:08.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f29fcd4ceb20c1f2022-02-14 10:59:08.930root 11241100x80000000000000002053943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:08.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f09515e5c4a4ae192022-02-14 10:59:08.930root 11241100x80000000000000002053944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:08.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4707cc48ecaf6ef2022-02-14 10:59:08.930root 11241100x80000000000000002053945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:08.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.002ebdba0b923d932022-02-14 10:59:08.930root 11241100x80000000000000002053946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:08.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c93a45afff231f872022-02-14 10:59:08.930root 11241100x80000000000000002053947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:08.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9bd5508b0accfb52022-02-14 10:59:08.930root 11241100x80000000000000002053948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:08.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1d0fbc460b6ba3e2022-02-14 10:59:08.930root 11241100x80000000000000002053949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:09.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d42245d7f7b5cd6f2022-02-14 10:59:09.430root 11241100x80000000000000002053950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:09.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d60de315cbe71c142022-02-14 10:59:09.430root 11241100x80000000000000002053951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:09.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a38552c996557f72022-02-14 10:59:09.430root 11241100x80000000000000002053952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:09.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaf6da54b835d7dd2022-02-14 10:59:09.430root 11241100x80000000000000002053953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:09.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fadbe42f112eec42022-02-14 10:59:09.431root 11241100x80000000000000002053954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:09.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cda7ece09841cf922022-02-14 10:59:09.431root 11241100x80000000000000002053955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:09.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1703616b245256c22022-02-14 10:59:09.431root 11241100x80000000000000002053956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:09.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.295011827129cbde2022-02-14 10:59:09.431root 11241100x80000000000000002053957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:09.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4ff24b699fe38a82022-02-14 10:59:09.930root 11241100x80000000000000002053958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:09.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c29c9a9b380c2a22022-02-14 10:59:09.930root 11241100x80000000000000002053959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:09.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6088667f28ecb5b02022-02-14 10:59:09.930root 11241100x80000000000000002053960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:09.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ca4697b4ff414e82022-02-14 10:59:09.930root 11241100x80000000000000002053961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:09.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ad9ff25a248261f2022-02-14 10:59:09.931root 11241100x80000000000000002053962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:09.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96df6c412e2e375e2022-02-14 10:59:09.931root 11241100x80000000000000002053963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:09.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aaec4032550a89c2022-02-14 10:59:09.931root 11241100x80000000000000002053964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:09.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.215845245a1af70e2022-02-14 10:59:09.931root 11241100x80000000000000002053965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:10.015{ec2ab09f-1002-620a-3078-922c7d550000}1328/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2022-02-14 10:59:10.015root 11241100x80000000000000002053966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:10.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af688b905a93c8d32022-02-14 10:59:10.430root 11241100x80000000000000002053967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:10.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bde834bf5d0d07ae2022-02-14 10:59:10.430root 11241100x80000000000000002053968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:10.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.570e9fd877b9cb502022-02-14 10:59:10.430root 11241100x80000000000000002053969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:10.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72e611faccb97f892022-02-14 10:59:10.430root 11241100x80000000000000002053970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:10.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c30f1d640352a122022-02-14 10:59:10.430root 11241100x80000000000000002053971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:10.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ed508da1acacfcf2022-02-14 10:59:10.430root 11241100x80000000000000002053972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:10.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.349d24b086960ea82022-02-14 10:59:10.431root 11241100x80000000000000002053973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:10.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1afac6f6afbbf1582022-02-14 10:59:10.431root 11241100x80000000000000002053974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:10.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbeef7d9249d66a92022-02-14 10:59:10.431root 11241100x80000000000000002053975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:10.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dfada4d84a32f072022-02-14 10:59:10.930root 11241100x80000000000000002053976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:10.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2c21a1a95b54d2e2022-02-14 10:59:10.930root 11241100x80000000000000002053977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:10.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df7863e9715d74452022-02-14 10:59:10.930root 11241100x80000000000000002053978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:10.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a3125ede4253d4b2022-02-14 10:59:10.931root 11241100x80000000000000002053979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:10.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d62d6bc37b43110b2022-02-14 10:59:10.931root 11241100x80000000000000002053980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:10.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ba9d8b0300e15e12022-02-14 10:59:10.931root 11241100x80000000000000002053981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:10.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bdfb833d9f196212022-02-14 10:59:10.932root 11241100x80000000000000002053982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:10.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57210ddc3dbc8e512022-02-14 10:59:10.932root 11241100x80000000000000002053983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:10.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d988d2ae97f5c72a2022-02-14 10:59:10.932root 354300x80000000000000002053984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:11.100{ec2ab09f-1002-620a-3078-922c7d550000}1328/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.20-58234-false10.0.1.12-8089- 11241100x80000000000000002053985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:11.429{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.510d32d0e7fc88852022-02-14 10:59:11.429root 11241100x80000000000000002053986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:11.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5d9c3b2bb2eff652022-02-14 10:59:11.430root 11241100x80000000000000002053987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:11.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa5939724b3ae7842022-02-14 10:59:11.430root 11241100x80000000000000002053988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:11.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.155f6372a212896b2022-02-14 10:59:11.430root 11241100x80000000000000002053989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:11.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0f787e9e1778cad2022-02-14 10:59:11.430root 11241100x80000000000000002053990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:11.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65f4e4e87a06236a2022-02-14 10:59:11.430root 11241100x80000000000000002053991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:11.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18dd0597a5417eb72022-02-14 10:59:11.430root 11241100x80000000000000002053992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:11.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15a116ea6ee672d72022-02-14 10:59:11.430root 11241100x80000000000000002053993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:11.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdf3870d324e77462022-02-14 10:59:11.430root 11241100x80000000000000002053994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:11.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9a41afedb8054b32022-02-14 10:59:11.430root 11241100x80000000000000002053995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:11.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.990863d5b691bfe12022-02-14 10:59:11.930root 11241100x80000000000000002053996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:11.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e4ab773a29198c12022-02-14 10:59:11.930root 11241100x80000000000000002053997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:11.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67400d1ee73f47b42022-02-14 10:59:11.930root 11241100x80000000000000002053998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:11.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b343fdd987d9e792022-02-14 10:59:11.930root 11241100x80000000000000002053999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:11.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32e5af55fdbfef642022-02-14 10:59:11.930root 11241100x80000000000000002054000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:11.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37ef813809a425ae2022-02-14 10:59:11.931root 11241100x80000000000000002054001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:11.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4a6cf7dae3881732022-02-14 10:59:11.931root 11241100x80000000000000002054002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:11.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10c5fdc227d2a4d22022-02-14 10:59:11.931root 11241100x80000000000000002054003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:11.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.571e6ba4a3eabc672022-02-14 10:59:11.931root 11241100x80000000000000002054004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:11.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7881485aaf16eba82022-02-14 10:59:11.931root 11241100x80000000000000002054005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:12.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17ccba45279979642022-02-14 10:59:12.430root 11241100x80000000000000002054006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:12.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a79c35150c166d992022-02-14 10:59:12.430root 11241100x80000000000000002054007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:12.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69826112b2dae4fb2022-02-14 10:59:12.430root 11241100x80000000000000002054008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:12.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47c075246d8705db2022-02-14 10:59:12.431root 11241100x80000000000000002054009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:12.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc78f551696d58672022-02-14 10:59:12.431root 11241100x80000000000000002054010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:12.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.974c5a3ab50024f22022-02-14 10:59:12.431root 11241100x80000000000000002054011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:12.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.778e0d09becda8452022-02-14 10:59:12.431root 11241100x80000000000000002054012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:12.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bff302bc0e7804e12022-02-14 10:59:12.431root 11241100x80000000000000002054013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:12.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2f403e26ed16f462022-02-14 10:59:12.431root 11241100x80000000000000002054014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:12.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bac0b56723e23efc2022-02-14 10:59:12.431root 11241100x80000000000000002054015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:12.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7437c20694e72372022-02-14 10:59:12.930root 11241100x80000000000000002054016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:12.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f484be50e900cbc52022-02-14 10:59:12.930root 11241100x80000000000000002054017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:12.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83106a6a985327392022-02-14 10:59:12.930root 11241100x80000000000000002054018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:12.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.add26bcc466bd0822022-02-14 10:59:12.930root 11241100x80000000000000002054019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:12.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.501d14fdc195aa2d2022-02-14 10:59:12.930root 11241100x80000000000000002054020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:12.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ccd2e000444d71a2022-02-14 10:59:12.930root 11241100x80000000000000002054021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:12.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64f4f8de12d0c6c22022-02-14 10:59:12.930root 11241100x80000000000000002054022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:12.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed9c5d179632ca032022-02-14 10:59:12.931root 11241100x80000000000000002054023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:12.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7edd816528e773342022-02-14 10:59:12.931root 11241100x80000000000000002054024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:12.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00baa91dd7d8e9442022-02-14 10:59:12.931root 23542300x80000000000000002054025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:13.016{ec2ab09f-1002-620a-3078-922c7d550000}1328root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 354300x80000000000000002054026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:13.053{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54748-false10.0.1.12-8000- 11241100x80000000000000002054027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:13.429{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e38b3e64082754012022-02-14 10:59:13.429root 11241100x80000000000000002054028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:13.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.070e215fb69c8bd22022-02-14 10:59:13.430root 11241100x80000000000000002054029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:13.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab199180c769b04c2022-02-14 10:59:13.430root 11241100x80000000000000002054030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:13.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9953fc6adc00ba702022-02-14 10:59:13.430root 11241100x80000000000000002054031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:13.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39ada1129096d29d2022-02-14 10:59:13.430root 11241100x80000000000000002054032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:13.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb7952fe3d41f82d2022-02-14 10:59:13.430root 11241100x80000000000000002054033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:13.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f78988da66e04ec2022-02-14 10:59:13.430root 11241100x80000000000000002054034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:13.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0396003d4c3ef362022-02-14 10:59:13.430root 11241100x80000000000000002054035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:13.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6224a135fac4d0992022-02-14 10:59:13.430root 11241100x80000000000000002054036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:13.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6942d33cce57fe232022-02-14 10:59:13.430root 11241100x80000000000000002054037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:13.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01b009121bbc73692022-02-14 10:59:13.431root 11241100x80000000000000002054038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:13.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ad510d06b0bd7032022-02-14 10:59:13.431root 11241100x80000000000000002054039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:13.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e573622179b226ef2022-02-14 10:59:13.930root 11241100x80000000000000002054040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:13.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96d819f814b79c3b2022-02-14 10:59:13.930root 11241100x80000000000000002054041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:13.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9267fd34e95119a32022-02-14 10:59:13.930root 11241100x80000000000000002054042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:13.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb4b0c21c4db14882022-02-14 10:59:13.930root 11241100x80000000000000002054043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:13.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97622e71694c67622022-02-14 10:59:13.930root 11241100x80000000000000002054044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:13.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.447c82cf531758a32022-02-14 10:59:13.931root 11241100x80000000000000002054045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:13.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b2ed0764335f4b82022-02-14 10:59:13.931root 11241100x80000000000000002054046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:13.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81a763e5b3ec995d2022-02-14 10:59:13.931root 11241100x80000000000000002054047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:13.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bee98b4b12fbedae2022-02-14 10:59:13.931root 11241100x80000000000000002054048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:13.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf0521eada26029b2022-02-14 10:59:13.932root 11241100x80000000000000002054049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:13.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa4ec7c1476ed4d52022-02-14 10:59:13.932root 11241100x80000000000000002054050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:13.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.539a520d85f42ca12022-02-14 10:59:13.932root 11241100x80000000000000002054051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:14.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c401711b984ed142022-02-14 10:59:14.430root 11241100x80000000000000002054052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:14.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a724ba6d447fbdc2022-02-14 10:59:14.430root 11241100x80000000000000002054053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:14.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b0ea749c3d3bca52022-02-14 10:59:14.430root 11241100x80000000000000002054054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:14.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3359795bdcbc4f4c2022-02-14 10:59:14.430root 11241100x80000000000000002054055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:14.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6f188116495e02d2022-02-14 10:59:14.430root 11241100x80000000000000002054056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:14.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d11964682883b832022-02-14 10:59:14.430root 11241100x80000000000000002054057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:14.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.078e51f9c37e0ea52022-02-14 10:59:14.430root 11241100x80000000000000002054058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:14.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6bb78ab9105bc762022-02-14 10:59:14.430root 11241100x80000000000000002054059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:14.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31efb252c67574172022-02-14 10:59:14.431root 11241100x80000000000000002054060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:14.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb18f0755d74fd392022-02-14 10:59:14.431root 11241100x80000000000000002054061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:14.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51d8f485918db2012022-02-14 10:59:14.431root 11241100x80000000000000002054062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:14.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44f34c65d4ce23b82022-02-14 10:59:14.431root 11241100x80000000000000002054063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:14.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b2320a816f90aeb2022-02-14 10:59:14.930root 11241100x80000000000000002054064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:14.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99d7c741781fa8172022-02-14 10:59:14.930root 11241100x80000000000000002054065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:14.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fc9b6dc7dfdbb0c2022-02-14 10:59:14.930root 11241100x80000000000000002054066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:14.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2eca6bf873d8b9b2022-02-14 10:59:14.930root 11241100x80000000000000002054067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:14.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aa39939068739aa2022-02-14 10:59:14.930root 11241100x80000000000000002054068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:14.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5a4b9679c0745232022-02-14 10:59:14.930root 11241100x80000000000000002054069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:14.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a280e89dcb99bb882022-02-14 10:59:14.931root 11241100x80000000000000002054070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:14.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b15f6e1799b1afb02022-02-14 10:59:14.931root 11241100x80000000000000002054071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:14.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fb0b5fb307fb3d82022-02-14 10:59:14.931root 11241100x80000000000000002054072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:14.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c7c92590c8c050b2022-02-14 10:59:14.931root 11241100x80000000000000002054073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:14.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f935d06dc2f2faa42022-02-14 10:59:14.931root 11241100x80000000000000002054074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:14.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48811af62b77f5ee2022-02-14 10:59:14.931root 11241100x80000000000000002054075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:15.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55b7024b87965dba2022-02-14 10:59:15.430root 11241100x80000000000000002054076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:15.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1994329aa8de6a1c2022-02-14 10:59:15.430root 11241100x80000000000000002054077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:15.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6db3c922bb13e5a22022-02-14 10:59:15.430root 11241100x80000000000000002054078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:15.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da9ef4a6e9e5af262022-02-14 10:59:15.431root 11241100x80000000000000002054079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:15.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0326fda5b147134d2022-02-14 10:59:15.431root 11241100x80000000000000002054080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:15.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b09709e61ea6cbc22022-02-14 10:59:15.431root 11241100x80000000000000002054081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:15.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.364df9e3f64a1c772022-02-14 10:59:15.431root 11241100x80000000000000002054082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:15.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f0ea3b7ef123d912022-02-14 10:59:15.431root 11241100x80000000000000002054083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:15.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b54dbd1c82c55c52022-02-14 10:59:15.431root 11241100x80000000000000002054084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:15.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e952b38245917432022-02-14 10:59:15.431root 11241100x80000000000000002054085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:15.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4880c85c098bb8bc2022-02-14 10:59:15.431root 11241100x80000000000000002054086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:15.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba7d7e2a289e948a2022-02-14 10:59:15.432root 11241100x80000000000000002054087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:15.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.055b5d0f04288e7f2022-02-14 10:59:15.930root 11241100x80000000000000002054088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:15.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77ffb734e2b6eb262022-02-14 10:59:15.930root 11241100x80000000000000002054089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:15.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94bf8e5e18ad1ad72022-02-14 10:59:15.930root 11241100x80000000000000002054090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:15.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84f9ada7ef694e642022-02-14 10:59:15.930root 11241100x80000000000000002054091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:15.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03904e724c7d17ea2022-02-14 10:59:15.930root 11241100x80000000000000002054092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:15.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38793c144c7a502c2022-02-14 10:59:15.931root 11241100x80000000000000002054093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:15.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0a345ef8be3f18e2022-02-14 10:59:15.931root 11241100x80000000000000002054094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:15.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cde51b93ab5aa6f02022-02-14 10:59:15.931root 11241100x80000000000000002054095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:15.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6bfc3559e25f1fa2022-02-14 10:59:15.931root 11241100x80000000000000002054096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:15.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9434b7c944a6dc782022-02-14 10:59:15.931root 11241100x80000000000000002054097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:15.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.014a1b777e4b398a2022-02-14 10:59:15.931root 11241100x80000000000000002054098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:15.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c43ed6be0bfc6f842022-02-14 10:59:15.931root 11241100x80000000000000002054099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:16.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a97340db83ffbaa22022-02-14 10:59:16.430root 11241100x80000000000000002054100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:16.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e4fa4f06623d1902022-02-14 10:59:16.430root 11241100x80000000000000002054101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:16.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e4510e08565f3e62022-02-14 10:59:16.430root 11241100x80000000000000002054102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:16.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d46d00604b68d4b2022-02-14 10:59:16.430root 11241100x80000000000000002054103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:16.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b7d9a10cb60d13a2022-02-14 10:59:16.430root 11241100x80000000000000002054104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:16.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ee2fe65fb9d3fd62022-02-14 10:59:16.431root 11241100x80000000000000002054105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:16.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a90d63c20f810062022-02-14 10:59:16.431root 11241100x80000000000000002054106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:16.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a167dd50af7acd62022-02-14 10:59:16.431root 11241100x80000000000000002054107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:16.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c89ee7dfac0eafdd2022-02-14 10:59:16.431root 11241100x80000000000000002054108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:16.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b880f77ab0e5ba9b2022-02-14 10:59:16.431root 11241100x80000000000000002054109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:16.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73458c7d665ddfe02022-02-14 10:59:16.431root 11241100x80000000000000002054110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:16.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb2019c67e2f42e52022-02-14 10:59:16.431root 11241100x80000000000000002054111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:16.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.044dea38bf0440262022-02-14 10:59:16.930root 11241100x80000000000000002054112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:16.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a673aa4972fa8ca2022-02-14 10:59:16.930root 11241100x80000000000000002054113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:16.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c6aa0dcb2b2ec802022-02-14 10:59:16.930root 11241100x80000000000000002054114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:16.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76ddeedd8a87b1c72022-02-14 10:59:16.930root 11241100x80000000000000002054115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:16.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2d26e9a0002a5d32022-02-14 10:59:16.931root 11241100x80000000000000002054116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:16.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e55f1700a56fcb0d2022-02-14 10:59:16.931root 11241100x80000000000000002054117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:16.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65ff0dcd3bc6663a2022-02-14 10:59:16.931root 11241100x80000000000000002054118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:16.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee5326081e7040312022-02-14 10:59:16.931root 11241100x80000000000000002054119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:16.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a57c40c35cad27e92022-02-14 10:59:16.931root 11241100x80000000000000002054120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:16.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.430067d60183bd182022-02-14 10:59:16.932root 11241100x80000000000000002054121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:16.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c22ab9fae794670f2022-02-14 10:59:16.932root 11241100x80000000000000002054122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:16.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91672094199359712022-02-14 10:59:16.932root 11241100x80000000000000002054123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:17.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a165a21abb7bfef62022-02-14 10:59:17.430root 11241100x80000000000000002054124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:17.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b155d5305107965f2022-02-14 10:59:17.430root 11241100x80000000000000002054125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:17.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d16394a7b04ee2332022-02-14 10:59:17.431root 11241100x80000000000000002054126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:17.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9201d270e646e6c22022-02-14 10:59:17.431root 11241100x80000000000000002054127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:17.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.869a19aec54a1f382022-02-14 10:59:17.431root 11241100x80000000000000002054128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:17.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5af5fc24c24f6fe62022-02-14 10:59:17.431root 11241100x80000000000000002054129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:17.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbdc41ba4fb75f862022-02-14 10:59:17.431root 11241100x80000000000000002054130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:17.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd36710e0e86d7122022-02-14 10:59:17.431root 11241100x80000000000000002054131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:17.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4efe13f65e7dd9722022-02-14 10:59:17.432root 11241100x80000000000000002054132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:17.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.625146f9ad404fbd2022-02-14 10:59:17.432root 11241100x80000000000000002054133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:17.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5025e0898f0766e72022-02-14 10:59:17.432root 11241100x80000000000000002054134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:17.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d657e2e223cf87032022-02-14 10:59:17.432root 11241100x80000000000000002054135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:17.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87a96cacd8cf0ea72022-02-14 10:59:17.930root 11241100x80000000000000002054136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:17.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a01927b0409971042022-02-14 10:59:17.930root 11241100x80000000000000002054137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:17.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b439c8d05ab5c76d2022-02-14 10:59:17.931root 11241100x80000000000000002054138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:17.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0a25eb331ea465b2022-02-14 10:59:17.931root 11241100x80000000000000002054139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:17.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.460a274590b954ca2022-02-14 10:59:17.931root 11241100x80000000000000002054140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:17.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1573696259df7c82022-02-14 10:59:17.931root 11241100x80000000000000002054141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:17.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f7e97c11108a1b12022-02-14 10:59:17.931root 11241100x80000000000000002054142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:17.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.736523bff9a676112022-02-14 10:59:17.931root 11241100x80000000000000002054143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:17.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26d0025c023461002022-02-14 10:59:17.931root 11241100x80000000000000002054144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:17.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e9083933ee6b0c52022-02-14 10:59:17.931root 11241100x80000000000000002054145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:17.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f3d9cea978219f92022-02-14 10:59:17.932root 11241100x80000000000000002054146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:17.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e9187ec89b2f1532022-02-14 10:59:17.932root 11241100x80000000000000002054147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:18.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc68b603c2833a5a2022-02-14 10:59:18.430root 11241100x80000000000000002054148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:18.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.162716fb0f4c3da82022-02-14 10:59:18.430root 11241100x80000000000000002054149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:18.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90f3e25864237e1b2022-02-14 10:59:18.430root 11241100x80000000000000002054150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:18.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.520e5ec2c86f98492022-02-14 10:59:18.430root 11241100x80000000000000002054151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:18.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7f032a74d125edb2022-02-14 10:59:18.431root 11241100x80000000000000002054152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:18.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2de4dd26995b9afd2022-02-14 10:59:18.431root 11241100x80000000000000002054153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:18.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3914fc7a53bd80662022-02-14 10:59:18.431root 11241100x80000000000000002054154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:18.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f39ca7b231cc49f2022-02-14 10:59:18.431root 11241100x80000000000000002054155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:18.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7adba495d6dec52b2022-02-14 10:59:18.432root 11241100x80000000000000002054156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:18.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d7fdda8050257092022-02-14 10:59:18.432root 11241100x80000000000000002054157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:18.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6922dfa9af77c0d2022-02-14 10:59:18.432root 11241100x80000000000000002054158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:18.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23d209bbbdf7e9d42022-02-14 10:59:18.432root 11241100x80000000000000002054159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:18.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.988c563ad39ab0ca2022-02-14 10:59:18.930root 11241100x80000000000000002054160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:18.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8ab250e79c0e2a12022-02-14 10:59:18.930root 11241100x80000000000000002054161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:18.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.762f1679c8b0c64f2022-02-14 10:59:18.930root 11241100x80000000000000002054162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:18.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e264325f659fde5c2022-02-14 10:59:18.930root 11241100x80000000000000002054163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:18.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c48b6ce102d29962022-02-14 10:59:18.931root 11241100x80000000000000002054164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:18.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c758fe9c9bf516522022-02-14 10:59:18.931root 11241100x80000000000000002054165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:18.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e310a65ccb6668fd2022-02-14 10:59:18.931root 11241100x80000000000000002054166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:18.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fb066b4ad7281852022-02-14 10:59:18.931root 11241100x80000000000000002054167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:18.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a3efa384e7172122022-02-14 10:59:18.931root 11241100x80000000000000002054168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:18.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f6eb9d38b5543bb2022-02-14 10:59:18.931root 11241100x80000000000000002054169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:18.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7007e2a0f190db22022-02-14 10:59:18.931root 11241100x80000000000000002054170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:18.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da0403043f367ccf2022-02-14 10:59:18.932root 354300x80000000000000002054171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:19.039{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54750-false10.0.1.12-8000- 11241100x80000000000000002054172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:19.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47b6ebcf943d94f32022-02-14 10:59:19.430root 11241100x80000000000000002054173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:19.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fde5b9688baf2d52022-02-14 10:59:19.430root 11241100x80000000000000002054174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:19.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bd1d7e4c67e4c292022-02-14 10:59:19.430root 11241100x80000000000000002054175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:19.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9a07992e4c63fd32022-02-14 10:59:19.430root 11241100x80000000000000002054176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:19.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d4b9ac8984edde12022-02-14 10:59:19.431root 11241100x80000000000000002054177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:19.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d5d42892915202d2022-02-14 10:59:19.431root 11241100x80000000000000002054178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:19.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f53f382586b5d4052022-02-14 10:59:19.431root 11241100x80000000000000002054179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:19.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.443ff42c77a4c04d2022-02-14 10:59:19.431root 11241100x80000000000000002054180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:19.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.367a9ec5443fc9a62022-02-14 10:59:19.431root 11241100x80000000000000002054181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:19.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.909eef7c82238a4c2022-02-14 10:59:19.431root 11241100x80000000000000002054182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:19.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19dd4b80ef162f962022-02-14 10:59:19.431root 11241100x80000000000000002054183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:19.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.556fb8f7cc58c7a42022-02-14 10:59:19.431root 11241100x80000000000000002054184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:19.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8dfd14e17e49c882022-02-14 10:59:19.431root 11241100x80000000000000002054185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:19.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c180c4596b60fd32022-02-14 10:59:19.930root 11241100x80000000000000002054186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:19.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff20c55ba2e617ac2022-02-14 10:59:19.930root 11241100x80000000000000002054187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:19.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3cb0b8a3ab404172022-02-14 10:59:19.930root 11241100x80000000000000002054188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:19.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1669b510039bb9732022-02-14 10:59:19.930root 11241100x80000000000000002054189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:19.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f33fec7a55350fb2022-02-14 10:59:19.930root 11241100x80000000000000002054190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:19.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81486cbdbd1f74172022-02-14 10:59:19.930root 11241100x80000000000000002054191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:19.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73ca817ce5c306602022-02-14 10:59:19.931root 11241100x80000000000000002054192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:19.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1e26677943b25312022-02-14 10:59:19.931root 11241100x80000000000000002054193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:19.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.750e6886cb4183362022-02-14 10:59:19.931root 11241100x80000000000000002054194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:19.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb9bb431e1f75da62022-02-14 10:59:19.931root 11241100x80000000000000002054195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:19.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85d02ac2f93c18b02022-02-14 10:59:19.931root 11241100x80000000000000002054196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:19.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b86925cf7b9c485a2022-02-14 10:59:19.931root 11241100x80000000000000002054197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:19.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42c34816860fea962022-02-14 10:59:19.931root 11241100x80000000000000002054198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:20.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c821b578b63835a2022-02-14 10:59:20.430root 11241100x80000000000000002054199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:20.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.807ab01c8e2341232022-02-14 10:59:20.430root 11241100x80000000000000002054200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:20.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aec9627cfc004e72022-02-14 10:59:20.430root 11241100x80000000000000002054201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:20.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b34a5c58311261422022-02-14 10:59:20.430root 11241100x80000000000000002054202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:20.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e15073f35991de302022-02-14 10:59:20.430root 11241100x80000000000000002054203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:20.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a01e5951019b2d92022-02-14 10:59:20.431root 11241100x80000000000000002054204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:20.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60983a40491fe12d2022-02-14 10:59:20.431root 11241100x80000000000000002054205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:20.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35b5d0a24fadf4462022-02-14 10:59:20.431root 11241100x80000000000000002054206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:20.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.855f9f1bc4cbc0c22022-02-14 10:59:20.431root 11241100x80000000000000002054207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:20.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f898e5aef46729162022-02-14 10:59:20.431root 11241100x80000000000000002054208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:20.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c14f7c59df6f24bf2022-02-14 10:59:20.431root 11241100x80000000000000002054209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:20.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e0e68d9383cb7962022-02-14 10:59:20.431root 11241100x80000000000000002054210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:20.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b46e1a8389ed6c12022-02-14 10:59:20.431root 11241100x80000000000000002054211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:20.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a9c4f94415af6b92022-02-14 10:59:20.930root 11241100x80000000000000002054212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:20.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ec12874640c2dde2022-02-14 10:59:20.930root 11241100x80000000000000002054213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:20.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a68ba41e46bd3b4d2022-02-14 10:59:20.930root 11241100x80000000000000002054214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:20.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbdab98fcd2899312022-02-14 10:59:20.931root 11241100x80000000000000002054215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:20.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45291391fdbad8532022-02-14 10:59:20.931root 11241100x80000000000000002054216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:20.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b60f2afce63221222022-02-14 10:59:20.931root 11241100x80000000000000002054217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:20.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad6769272fff40832022-02-14 10:59:20.931root 11241100x80000000000000002054218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:20.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.488bce47c27888812022-02-14 10:59:20.931root 11241100x80000000000000002054219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:20.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.543c4baedfbb77fd2022-02-14 10:59:20.931root 11241100x80000000000000002054220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:20.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2016cac2715318772022-02-14 10:59:20.932root 11241100x80000000000000002054221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:20.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f137f928810f145a2022-02-14 10:59:20.932root 11241100x80000000000000002054222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:20.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ac635d8a23b89da2022-02-14 10:59:20.932root 11241100x80000000000000002054223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:20.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a30c7cbd56056292022-02-14 10:59:20.932root 11241100x80000000000000002054224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:21.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dec9f6034f36f4dd2022-02-14 10:59:21.430root 11241100x80000000000000002054225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:21.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c8c641e9e0706a62022-02-14 10:59:21.431root 11241100x80000000000000002054226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:21.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b30eefee30760fbe2022-02-14 10:59:21.431root 11241100x80000000000000002054227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:21.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73b5d1b11af7d5752022-02-14 10:59:21.431root 11241100x80000000000000002054228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:21.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09478bfc4cc21def2022-02-14 10:59:21.431root 11241100x80000000000000002054229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:21.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93b1c2072a9f9f252022-02-14 10:59:21.431root 11241100x80000000000000002054230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:21.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c0b64e7bb00ccbe2022-02-14 10:59:21.431root 11241100x80000000000000002054231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:21.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b4dcec045743dc82022-02-14 10:59:21.431root 11241100x80000000000000002054232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:21.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.528424f204d812812022-02-14 10:59:21.431root 11241100x80000000000000002054233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:21.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2972dfdb6ef671072022-02-14 10:59:21.432root 11241100x80000000000000002054234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:21.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eecc105f166f6a742022-02-14 10:59:21.432root 11241100x80000000000000002054235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:21.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dfa0df7591516ef2022-02-14 10:59:21.432root 11241100x80000000000000002054236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:21.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.befca3138a3ed9892022-02-14 10:59:21.432root 11241100x80000000000000002054237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:21.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16c5d23b2a0d0a082022-02-14 10:59:21.930root 11241100x80000000000000002054238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:21.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a296ca3d2ee6f50f2022-02-14 10:59:21.930root 11241100x80000000000000002054239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:21.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d48424bc0fe179c92022-02-14 10:59:21.930root 11241100x80000000000000002054240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:21.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8c9f9418369638e2022-02-14 10:59:21.930root 11241100x80000000000000002054241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:21.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05cfbfe9ad8894822022-02-14 10:59:21.930root 11241100x80000000000000002054242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:21.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfd28bfb316947eb2022-02-14 10:59:21.930root 11241100x80000000000000002054243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:21.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5196acd49cc0f6852022-02-14 10:59:21.931root 11241100x80000000000000002054244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:21.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78d1814f9887b7d72022-02-14 10:59:21.931root 11241100x80000000000000002054245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:21.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcc51ec33dbc3b152022-02-14 10:59:21.931root 11241100x80000000000000002054246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:21.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5af29625855d84a2022-02-14 10:59:21.931root 11241100x80000000000000002054247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:21.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac2e79a6d0f00e8e2022-02-14 10:59:21.931root 11241100x80000000000000002054248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:21.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd1a4ab616f6820c2022-02-14 10:59:21.931root 11241100x80000000000000002054249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:21.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68327c532fc383ba2022-02-14 10:59:21.931root 11241100x80000000000000002054250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:22.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e600bed00f7e3a62022-02-14 10:59:22.430root 11241100x80000000000000002054251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:22.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a18ba6dbf6e82eb2022-02-14 10:59:22.430root 11241100x80000000000000002054252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:22.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40aba235b92258c82022-02-14 10:59:22.430root 11241100x80000000000000002054253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:22.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c67e7301994d79812022-02-14 10:59:22.430root 11241100x80000000000000002054254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:22.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94305cc902cdb1682022-02-14 10:59:22.430root 11241100x80000000000000002054255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:22.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.693f940ab9b797cb2022-02-14 10:59:22.431root 11241100x80000000000000002054256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:22.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8de5e247be11fba2022-02-14 10:59:22.431root 11241100x80000000000000002054257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:22.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f40f63d385956aac2022-02-14 10:59:22.431root 11241100x80000000000000002054258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:22.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc5183f0cfb98e402022-02-14 10:59:22.431root 11241100x80000000000000002054259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:22.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28aae5d9372708562022-02-14 10:59:22.431root 11241100x80000000000000002054260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:22.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b05f213ac32783852022-02-14 10:59:22.431root 11241100x80000000000000002054261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:22.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d55a62239bd59b8c2022-02-14 10:59:22.431root 11241100x80000000000000002054262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:22.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b96b2ff4e1c7e2b32022-02-14 10:59:22.431root 11241100x80000000000000002054263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:22.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c74691c5c69bf3522022-02-14 10:59:22.930root 11241100x80000000000000002054264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:22.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23dc005dc0fa63122022-02-14 10:59:22.930root 11241100x80000000000000002054265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:22.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5db0313646c91d852022-02-14 10:59:22.930root 11241100x80000000000000002054266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:22.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b955ae3285f189082022-02-14 10:59:22.932root 11241100x80000000000000002054267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:22.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e16a002212b9f3a62022-02-14 10:59:22.932root 11241100x80000000000000002054268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:22.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95d0583d2e0b33c52022-02-14 10:59:22.932root 11241100x80000000000000002054269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:22.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aec988cda4699bd2022-02-14 10:59:22.932root 11241100x80000000000000002054270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:22.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05e663e93d50f6b32022-02-14 10:59:22.932root 11241100x80000000000000002054271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:22.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.305e13eca45242ab2022-02-14 10:59:22.932root 11241100x80000000000000002054272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:22.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d01c3e8745d912e2022-02-14 10:59:22.933root 11241100x80000000000000002054273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:22.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3ab212aa172eaf82022-02-14 10:59:22.933root 11241100x80000000000000002054274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:22.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7df821def0b181be2022-02-14 10:59:22.933root 11241100x80000000000000002054275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:22.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a87bd2b6d06bdc372022-02-14 10:59:22.933root 11241100x80000000000000002054276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:23.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03a2e1a6be804d882022-02-14 10:59:23.430root 11241100x80000000000000002054277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:23.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed729c6b92a79ce82022-02-14 10:59:23.430root 11241100x80000000000000002054278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:23.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8edddf363dd2518d2022-02-14 10:59:23.430root 11241100x80000000000000002054279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:23.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78e206b7ac23f40e2022-02-14 10:59:23.430root 11241100x80000000000000002054280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:23.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cceae2aee91f43962022-02-14 10:59:23.430root 11241100x80000000000000002054281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:23.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74984a8c742908ab2022-02-14 10:59:23.431root 11241100x80000000000000002054282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:23.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db5d0f94f0dab9992022-02-14 10:59:23.431root 11241100x80000000000000002054283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:23.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58707cfc9f347d8d2022-02-14 10:59:23.431root 11241100x80000000000000002054284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:23.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e45635a9ca69bf62022-02-14 10:59:23.431root 11241100x80000000000000002054285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:23.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f2cf7a67d09fb062022-02-14 10:59:23.431root 11241100x80000000000000002054286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:23.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f165165273cbb4142022-02-14 10:59:23.431root 11241100x80000000000000002054287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:23.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb03676d354cc3032022-02-14 10:59:23.431root 11241100x80000000000000002054288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:23.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9265f0bc843a9a32022-02-14 10:59:23.431root 11241100x80000000000000002054289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:23.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4997c68bc265d63f2022-02-14 10:59:23.930root 11241100x80000000000000002054290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:23.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6805cfc51040f1312022-02-14 10:59:23.930root 11241100x80000000000000002054291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:23.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.037fff4cd30424d02022-02-14 10:59:23.930root 11241100x80000000000000002054292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:23.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79a47eccc97765d72022-02-14 10:59:23.930root 11241100x80000000000000002054293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:23.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a6e1a79dfdada3b2022-02-14 10:59:23.930root 11241100x80000000000000002054294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:23.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7122cdd9554d4d52022-02-14 10:59:23.930root 11241100x80000000000000002054295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:23.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.162a4796c825cb462022-02-14 10:59:23.930root 11241100x80000000000000002054296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:23.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e34e0ccae4b935e22022-02-14 10:59:23.930root 11241100x80000000000000002054297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:23.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2113c27d67f099c2022-02-14 10:59:23.931root 11241100x80000000000000002054298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:23.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ce604c16503e2612022-02-14 10:59:23.931root 11241100x80000000000000002054299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:23.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44dc4a929fa325c22022-02-14 10:59:23.931root 11241100x80000000000000002054300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:23.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b576a4e513c097b2022-02-14 10:59:23.931root 11241100x80000000000000002054301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:23.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b899e400952728a2022-02-14 10:59:23.931root 354300x80000000000000002054302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:24.171{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54752-false10.0.1.12-8000- 11241100x80000000000000002054303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:24.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7637267d6b2968df2022-02-14 10:59:24.430root 11241100x80000000000000002054304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:24.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b06cf84f1ea216312022-02-14 10:59:24.430root 11241100x80000000000000002054305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:24.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f1c67b27b232f072022-02-14 10:59:24.430root 11241100x80000000000000002054306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:24.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52c7d8c8ab84ec922022-02-14 10:59:24.430root 11241100x80000000000000002054307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:24.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.794a622388efa4112022-02-14 10:59:24.430root 11241100x80000000000000002054308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:24.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5967b7acd1f8bdc2022-02-14 10:59:24.430root 11241100x80000000000000002054309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:24.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e3ce48253c4dd982022-02-14 10:59:24.430root 11241100x80000000000000002054310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:24.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f934eb6f3261ffa2022-02-14 10:59:24.431root 11241100x80000000000000002054311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:24.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be66e0d60a622a9f2022-02-14 10:59:24.431root 11241100x80000000000000002054312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:24.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82023d9fb75ecee12022-02-14 10:59:24.431root 11241100x80000000000000002054313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:24.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d327057900ce4832022-02-14 10:59:24.431root 11241100x80000000000000002054314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:24.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28b690123b0333092022-02-14 10:59:24.431root 11241100x80000000000000002054315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:24.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e35dedf8eca9c33d2022-02-14 10:59:24.431root 11241100x80000000000000002054316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 10:59:24.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a38f4d7a18a4d0cf2022-02-14 10:59:24.431root