11241100x8000000000000000316911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:49.056{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8a7b7c7d677afae2021-12-17 12:30:49.056root 11241100x8000000000000000316912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:49.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58b2159a7e843ff62021-12-17 12:30:49.057root 11241100x8000000000000000316913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:49.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4efd455fa16db882021-12-17 12:30:49.057root 11241100x8000000000000000316914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:49.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b42fe717a1182c52021-12-17 12:30:49.057root 11241100x8000000000000000316915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:49.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dd59ffbf834a8b52021-12-17 12:30:49.057root 11241100x8000000000000000316916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:49.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37a855f80928c74a2021-12-17 12:30:49.057root 11241100x8000000000000000316917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:49.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2dbaad770a656832021-12-17 12:30:49.057root 11241100x8000000000000000316918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:49.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a74f1f3e86e55a022021-12-17 12:30:49.058root 11241100x8000000000000000316919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:49.556{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.406d4cdd8270cf4b2021-12-17 12:30:49.556root 11241100x8000000000000000316920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:49.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3175a7c742761872021-12-17 12:30:49.557root 11241100x8000000000000000316921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:49.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2655a0403ed1d012021-12-17 12:30:49.557root 11241100x8000000000000000316922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:49.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca5b99610726a4122021-12-17 12:30:49.557root 11241100x8000000000000000316923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:49.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81bef9df569b634f2021-12-17 12:30:49.557root 11241100x8000000000000000316924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:49.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cc0ba3114df4eb12021-12-17 12:30:49.557root 11241100x8000000000000000316925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:49.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6192477eda7ef3812021-12-17 12:30:49.557root 11241100x8000000000000000316926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:49.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.863fd9a7fd8b8e092021-12-17 12:30:49.558root 11241100x8000000000000000316927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:50.056{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89672515e30ed1652021-12-17 12:30:50.056root 11241100x8000000000000000316928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:50.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53679bdaa17922c92021-12-17 12:30:50.057root 11241100x8000000000000000316929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:50.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b00b6ab44d1a52a02021-12-17 12:30:50.057root 11241100x8000000000000000316930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:50.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dfe4fde1727617c2021-12-17 12:30:50.057root 11241100x8000000000000000316931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:50.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df53d011859bc0e62021-12-17 12:30:50.057root 11241100x8000000000000000316932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:50.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2695254a7c8fdb182021-12-17 12:30:50.057root 11241100x8000000000000000316933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:50.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d164ad82be3629ea2021-12-17 12:30:50.057root 11241100x8000000000000000316934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:50.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f24270df99f77a72021-12-17 12:30:50.058root 11241100x8000000000000000316935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:50.556{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de8747cabeb7140c2021-12-17 12:30:50.556root 11241100x8000000000000000316936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:50.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7bd00fe457f8d032021-12-17 12:30:50.557root 11241100x8000000000000000316937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:50.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09d1b940a6097b0b2021-12-17 12:30:50.557root 11241100x8000000000000000316938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:50.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dacdbd0f155c3ca82021-12-17 12:30:50.557root 11241100x8000000000000000316939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:50.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.580ecf0ba24d04ce2021-12-17 12:30:50.557root 11241100x8000000000000000316940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:50.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3691e27ed65320f2021-12-17 12:30:50.557root 11241100x8000000000000000316941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:50.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f471b768efb1e7c2021-12-17 12:30:50.557root 11241100x8000000000000000316942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:50.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e55082da02fcfac62021-12-17 12:30:50.558root 11241100x8000000000000000316943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:51.056{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.513c7e63a62c249c2021-12-17 12:30:51.056root 11241100x8000000000000000316944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:51.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce5de5e604d237472021-12-17 12:30:51.057root 11241100x8000000000000000316945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:51.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff71715f694cb4bd2021-12-17 12:30:51.057root 11241100x8000000000000000316946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:51.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35252c383eec57072021-12-17 12:30:51.057root 11241100x8000000000000000316947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:51.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c38490ebf23ce21f2021-12-17 12:30:51.057root 11241100x8000000000000000316948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:51.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d55913e4c4cfb8612021-12-17 12:30:51.057root 11241100x8000000000000000316949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:51.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffb165127d72a77c2021-12-17 12:30:51.058root 11241100x8000000000000000316950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:51.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceb0c57b0663fa212021-12-17 12:30:51.058root 354300x8000000000000000316951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:51.125{ec28ba6a-70a3-61bc-5175-3a0400000000}5248/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-44494-false10.0.1.12-8000- 11241100x8000000000000000316952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:51.556{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd4707a821df4abd2021-12-17 12:30:51.556root 11241100x8000000000000000316953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:51.556{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e556c7c6364f64bb2021-12-17 12:30:51.556root 11241100x8000000000000000316954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:51.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7c364d848bf53922021-12-17 12:30:51.557root 11241100x8000000000000000316955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:51.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.866ae8f573f175a12021-12-17 12:30:51.557root 11241100x8000000000000000316956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:51.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc873887c369bdfa2021-12-17 12:30:51.557root 11241100x8000000000000000316957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:51.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85ebcb012e4eae852021-12-17 12:30:51.557root 11241100x8000000000000000316958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:51.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0949e9beea9873a52021-12-17 12:30:51.557root 11241100x8000000000000000316959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:51.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c487b12192451efe2021-12-17 12:30:51.557root 11241100x8000000000000000316960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:51.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a817e237587c776e2021-12-17 12:30:51.557root 11241100x8000000000000000316961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:52.056{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d8d67a54b2f532b2021-12-17 12:30:52.056root 11241100x8000000000000000316962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:52.056{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fca84edaad33b2ed2021-12-17 12:30:52.056root 11241100x8000000000000000316963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:52.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d278c8db47e4bb2a2021-12-17 12:30:52.057root 11241100x8000000000000000316964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:52.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fb07feda06ce0332021-12-17 12:30:52.057root 11241100x8000000000000000316965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:52.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18db685d91283dce2021-12-17 12:30:52.057root 11241100x8000000000000000316966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:52.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0565513b3b21c91c2021-12-17 12:30:52.057root 11241100x8000000000000000316967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:52.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5f30e0b4098cf192021-12-17 12:30:52.057root 11241100x8000000000000000316968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:52.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85b7be56ef8255582021-12-17 12:30:52.057root 11241100x8000000000000000316969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:52.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34d682c462f4a23a2021-12-17 12:30:52.057root 11241100x8000000000000000316970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:52.556{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82b20dbf2c6a4bdf2021-12-17 12:30:52.556root 11241100x8000000000000000316971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:52.556{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9a61c2529f1f18e2021-12-17 12:30:52.556root 11241100x8000000000000000316972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:52.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4587e236aba9af892021-12-17 12:30:52.557root 11241100x8000000000000000316973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:52.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9af3a38639ec07b62021-12-17 12:30:52.557root 11241100x8000000000000000316974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:52.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3681c02ad1c865eb2021-12-17 12:30:52.557root 11241100x8000000000000000316975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:52.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.306b3ebb0a275a152021-12-17 12:30:52.557root 11241100x8000000000000000316976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:52.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bff8523deba6a0f02021-12-17 12:30:52.557root 11241100x8000000000000000316977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:52.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6db42bfcd5993d7b2021-12-17 12:30:52.557root 11241100x8000000000000000316978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:52.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5afcf9a9f9ca88f2021-12-17 12:30:52.557root 11241100x8000000000000000316979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:53.056{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d764c5293fb030a2021-12-17 12:30:53.056root 11241100x8000000000000000316980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:53.056{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1f7b1e9ee47c6202021-12-17 12:30:53.056root 11241100x8000000000000000316981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:53.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efa9589baa7c63672021-12-17 12:30:53.057root 11241100x8000000000000000316982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:53.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b5e3120083f51172021-12-17 12:30:53.057root 11241100x8000000000000000316983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:53.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83354dde1542bbb02021-12-17 12:30:53.057root 11241100x8000000000000000316984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:53.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fffe8cd3ee96ecc2021-12-17 12:30:53.057root 11241100x8000000000000000316985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:53.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49e097933377cb4f2021-12-17 12:30:53.057root 11241100x8000000000000000316986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:53.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a56f09d2d5507fc42021-12-17 12:30:53.057root 11241100x8000000000000000316987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:53.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daa231df064429a02021-12-17 12:30:53.057root 11241100x8000000000000000316988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:53.556{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cb5fcaf53c999902021-12-17 12:30:53.556root 11241100x8000000000000000316989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:53.556{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c193cc3ac8e6e1192021-12-17 12:30:53.556root 11241100x8000000000000000316990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:53.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee61c491c720b6522021-12-17 12:30:53.557root 11241100x8000000000000000316991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:53.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6283b1e0b2f85642021-12-17 12:30:53.557root 11241100x8000000000000000316992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:53.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aea10f566f30da12021-12-17 12:30:53.557root 11241100x8000000000000000316993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:53.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a3bd3a42a0a52362021-12-17 12:30:53.557root 11241100x8000000000000000316994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:53.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93ad95c0dcbcd7ec2021-12-17 12:30:53.557root 11241100x8000000000000000316995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:53.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a24cca04f26fb552021-12-17 12:30:53.557root 11241100x8000000000000000316996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:53.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4367a16d7a64813d2021-12-17 12:30:53.557root 11241100x8000000000000000316997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:54.056{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ff6ecfc0e70c4f22021-12-17 12:30:54.056root 11241100x8000000000000000316998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:54.056{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ff1b02eaf46d9292021-12-17 12:30:54.056root 11241100x8000000000000000316999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:54.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e86947e880535e02021-12-17 12:30:54.057root 11241100x8000000000000000317000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:54.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d45f6cad02f268082021-12-17 12:30:54.057root 11241100x8000000000000000317001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:54.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caa401ca38b5e7e92021-12-17 12:30:54.057root 11241100x8000000000000000317002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:54.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8110b33a303283b12021-12-17 12:30:54.057root 11241100x8000000000000000317003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:54.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9bd8f1df61db6352021-12-17 12:30:54.057root 11241100x8000000000000000317004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:54.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.758b0233399221362021-12-17 12:30:54.057root 11241100x8000000000000000317005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:54.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecb9e0e6ee60fec72021-12-17 12:30:54.057root 11241100x8000000000000000317006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:54.556{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ae4c89fd7c147762021-12-17 12:30:54.556root 11241100x8000000000000000317007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:54.556{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6214a3399122dbb2021-12-17 12:30:54.556root 11241100x8000000000000000317008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:54.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8c9aea2c035fcc22021-12-17 12:30:54.557root 11241100x8000000000000000317009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:54.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f629f7552174bea2021-12-17 12:30:54.557root 11241100x8000000000000000317010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:54.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c30acd7be2b83c5a2021-12-17 12:30:54.557root 11241100x8000000000000000317011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:54.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de9779db1501b0f62021-12-17 12:30:54.557root 11241100x8000000000000000317012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:54.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9e37ed0407c2bd42021-12-17 12:30:54.557root 11241100x8000000000000000317013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:54.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7763311ce38d06302021-12-17 12:30:54.557root 11241100x8000000000000000317014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:54.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7430f546908e46e2021-12-17 12:30:54.557root 11241100x8000000000000000317015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:55.056{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ced5804cf6946ce82021-12-17 12:30:55.056root 11241100x8000000000000000317016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:55.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad14ebfd8c7b40612021-12-17 12:30:55.057root 11241100x8000000000000000317017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:55.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eb8883ba68fa6062021-12-17 12:30:55.057root 11241100x8000000000000000317018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:55.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dbf95da1795a7ae2021-12-17 12:30:55.057root 11241100x8000000000000000317019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:55.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abf053ede69d5e532021-12-17 12:30:55.057root 11241100x8000000000000000317020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:55.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d760b78f19bda4e22021-12-17 12:30:55.057root 11241100x8000000000000000317021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:55.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14632730e66b67dc2021-12-17 12:30:55.057root 11241100x8000000000000000317022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:55.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a275aca2e72486432021-12-17 12:30:55.057root 11241100x8000000000000000317023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:55.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9a931fdc9fc23db2021-12-17 12:30:55.057root 11241100x8000000000000000317024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:55.556{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.698e5776680ed6652021-12-17 12:30:55.556root 11241100x8000000000000000317025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:55.556{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeed07a01248b4df2021-12-17 12:30:55.556root 11241100x8000000000000000317026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:55.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db2ff1c875900e542021-12-17 12:30:55.557root 11241100x8000000000000000317027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:55.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32e68ef24394acd72021-12-17 12:30:55.557root 11241100x8000000000000000317028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:55.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f42c7e68bf455472021-12-17 12:30:55.557root 11241100x8000000000000000317029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:55.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cbcb58c81950d752021-12-17 12:30:55.557root 11241100x8000000000000000317030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:55.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0528e12a98d010f2021-12-17 12:30:55.557root 11241100x8000000000000000317031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:55.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d037bdedc35edbf72021-12-17 12:30:55.557root 11241100x8000000000000000317032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:55.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e96c5ae511a73312021-12-17 12:30:55.557root 11241100x8000000000000000317033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:56.056{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1df4fbc596274a6b2021-12-17 12:30:56.056root 11241100x8000000000000000317034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:56.056{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ac25e8d6521a3eb2021-12-17 12:30:56.056root 11241100x8000000000000000317035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:56.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42176a3e13af6d8a2021-12-17 12:30:56.057root 11241100x8000000000000000317036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:56.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b20fb97a88fae1b22021-12-17 12:30:56.057root 11241100x8000000000000000317037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:56.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edf5b603da41400b2021-12-17 12:30:56.057root 11241100x8000000000000000317038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:56.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10e0c3002b93ab542021-12-17 12:30:56.057root 11241100x8000000000000000317039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:56.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcafb516917f5c892021-12-17 12:30:56.057root 11241100x8000000000000000317040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:56.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01dd6be1768ba2552021-12-17 12:30:56.057root 11241100x8000000000000000317041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:56.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7802f04041e0b7402021-12-17 12:30:56.057root 354300x8000000000000000317042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:56.211{ec28ba6a-70a3-61bc-5175-3a0400000000}5248/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-44496-false10.0.1.12-8000- 11241100x8000000000000000317043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:56.556{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fd4a0c6e09e8db82021-12-17 12:30:56.556root 11241100x8000000000000000317044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:56.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.148d634713a1e65d2021-12-17 12:30:56.557root 11241100x8000000000000000317045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:56.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9982dcf92eab6f02021-12-17 12:30:56.557root 11241100x8000000000000000317046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:56.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.571ed8f8b3b8202f2021-12-17 12:30:56.557root 11241100x8000000000000000317047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:56.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21196877145bce222021-12-17 12:30:56.557root 11241100x8000000000000000317048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:56.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69f7cb6676535ccc2021-12-17 12:30:56.558root 11241100x8000000000000000317049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:56.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7063b4c800b31bea2021-12-17 12:30:56.558root 11241100x8000000000000000317050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:56.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27fa384bb91379b82021-12-17 12:30:56.558root 11241100x8000000000000000317051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:56.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31b3a5805e5eea792021-12-17 12:30:56.558root 11241100x8000000000000000317052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:56.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9d220d794cb5ee62021-12-17 12:30:56.558root 11241100x8000000000000000317053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:57.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed85bdf6ce65c9a12021-12-17 12:30:57.057root 11241100x8000000000000000317054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:57.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e53cbdab02a2b22e2021-12-17 12:30:57.057root 11241100x8000000000000000317055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:57.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3af2642ff38bbe042021-12-17 12:30:57.058root 11241100x8000000000000000317056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:57.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e74eb23712b2c512021-12-17 12:30:57.058root 11241100x8000000000000000317057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:57.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.826c08c807b0c38c2021-12-17 12:30:57.058root 11241100x8000000000000000317058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:57.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b476e5fbd2f3caa72021-12-17 12:30:57.058root 11241100x8000000000000000317059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:57.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13bac578e07ab2ab2021-12-17 12:30:57.058root 11241100x8000000000000000317060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:57.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.775d884b335706f42021-12-17 12:30:57.058root 11241100x8000000000000000317061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:57.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87cf84b2173775112021-12-17 12:30:57.059root 11241100x8000000000000000317062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:57.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bc55e591810d6142021-12-17 12:30:57.059root 11241100x8000000000000000317063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:57.556{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd352519fe4b1a612021-12-17 12:30:57.556root 11241100x8000000000000000317064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:57.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36d43d7fe2b843362021-12-17 12:30:57.557root 11241100x8000000000000000317065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:57.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.846fdad7182fcc932021-12-17 12:30:57.557root 11241100x8000000000000000317066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:57.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04c52f7c8709c8a32021-12-17 12:30:57.557root 11241100x8000000000000000317067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:57.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.994133f8aef4d71b2021-12-17 12:30:57.557root 11241100x8000000000000000317068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:57.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1ffde7d4a0acc642021-12-17 12:30:57.557root 11241100x8000000000000000317069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:57.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d2ffeb88fa652b22021-12-17 12:30:57.557root 11241100x8000000000000000317070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:57.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.485252582fff6cb82021-12-17 12:30:57.557root 11241100x8000000000000000317071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:57.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bedca6b51bff6612021-12-17 12:30:57.558root 11241100x8000000000000000317072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:57.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ed12c1960b795682021-12-17 12:30:57.558root 11241100x8000000000000000317073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:58.056{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcb9805e8b8064f62021-12-17 12:30:58.056root 11241100x8000000000000000317074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:58.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88ca6be5e55d31592021-12-17 12:30:58.057root 11241100x8000000000000000317075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:58.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5b36e86bb968d722021-12-17 12:30:58.057root 11241100x8000000000000000317076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:58.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b41faad1f7f950c72021-12-17 12:30:58.057root 11241100x8000000000000000317077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:58.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb3ff910a68747212021-12-17 12:30:58.057root 11241100x8000000000000000317078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:58.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f47d89775431aa62021-12-17 12:30:58.057root 11241100x8000000000000000317079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:58.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d94174483ed894f42021-12-17 12:30:58.057root 11241100x8000000000000000317080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:58.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f71b41247ed9ae612021-12-17 12:30:58.057root 11241100x8000000000000000317081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:58.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67d00d238e0b00fd2021-12-17 12:30:58.057root 11241100x8000000000000000317082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:58.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.981552eb91abdebf2021-12-17 12:30:58.057root 11241100x8000000000000000317083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:58.556{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ffcc488904a84e22021-12-17 12:30:58.556root 11241100x8000000000000000317084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:58.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15b42c1fa84ce4ff2021-12-17 12:30:58.557root 11241100x8000000000000000317085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:58.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c2f6700827a33d42021-12-17 12:30:58.557root 11241100x8000000000000000317086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:58.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27486dd58296d8502021-12-17 12:30:58.557root 11241100x8000000000000000317087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:58.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0303c6cac6348d402021-12-17 12:30:58.557root 11241100x8000000000000000317088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:58.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc4de82343b5165c2021-12-17 12:30:58.557root 11241100x8000000000000000317089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:58.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b432f6fca95f18172021-12-17 12:30:58.557root 11241100x8000000000000000317090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:58.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7195368ea384e132021-12-17 12:30:58.557root 11241100x8000000000000000317091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:58.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36d281106f023e2b2021-12-17 12:30:58.557root 11241100x8000000000000000317092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:58.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b048889534ecf022021-12-17 12:30:58.557root 11241100x8000000000000000317093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:59.056{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.714cc369289a6b722021-12-17 12:30:59.056root 11241100x8000000000000000317094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:59.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28c40239976554d42021-12-17 12:30:59.057root 11241100x8000000000000000317095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:59.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c29427a56d8f69202021-12-17 12:30:59.057root 11241100x8000000000000000317096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:59.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7abe6af265c6b3e72021-12-17 12:30:59.057root 11241100x8000000000000000317097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:59.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4de293c2d4ebaec32021-12-17 12:30:59.057root 11241100x8000000000000000317098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:59.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d058d60954ea0092021-12-17 12:30:59.057root 11241100x8000000000000000317099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:59.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47d0f040cc55742a2021-12-17 12:30:59.057root 11241100x8000000000000000317100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:59.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce5e720e22ae89082021-12-17 12:30:59.057root 11241100x8000000000000000317101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:59.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a237ea1f52fccf0c2021-12-17 12:30:59.057root 11241100x8000000000000000317102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:59.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2717c51b7b95e8b2021-12-17 12:30:59.057root 11241100x8000000000000000317103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:59.556{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f8b48b9b8e155162021-12-17 12:30:59.556root 11241100x8000000000000000317104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:59.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d08301418c2e55bd2021-12-17 12:30:59.557root 11241100x8000000000000000317105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:59.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddb6003343892a652021-12-17 12:30:59.557root 11241100x8000000000000000317106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:59.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f7e3d453d67bf902021-12-17 12:30:59.557root 11241100x8000000000000000317107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:59.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.791f16ab136728fd2021-12-17 12:30:59.557root 11241100x8000000000000000317108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:59.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4135f6535dd429532021-12-17 12:30:59.557root 11241100x8000000000000000317109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:59.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59b0853e222c70182021-12-17 12:30:59.557root 11241100x8000000000000000317110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:59.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e854e9c42384c96f2021-12-17 12:30:59.557root 11241100x8000000000000000317111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:59.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.538849a5c44914df2021-12-17 12:30:59.557root 11241100x8000000000000000317112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:59.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d85956df0f6b7072021-12-17 12:30:59.558root 11241100x8000000000000000317113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:00.056{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceef28fad72c14c12021-12-17 12:31:00.056root 11241100x8000000000000000317114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:00.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f064eff9110cda72021-12-17 12:31:00.057root 11241100x8000000000000000317115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:00.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2084aca46eab035c2021-12-17 12:31:00.057root 11241100x8000000000000000317116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:00.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cdcfc890255ec6b2021-12-17 12:31:00.057root 11241100x8000000000000000317117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:00.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06ef52e56d89bd082021-12-17 12:31:00.057root 11241100x8000000000000000317118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:00.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27c17b5445b417d72021-12-17 12:31:00.057root 11241100x8000000000000000317119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:00.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39b485105fcd13bd2021-12-17 12:31:00.057root 11241100x8000000000000000317120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:00.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb5ed7db0b28b0682021-12-17 12:31:00.057root 11241100x8000000000000000317121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:00.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a84d1428dc108072021-12-17 12:31:00.057root 11241100x8000000000000000317122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:00.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c93562021a8a38fe2021-12-17 12:31:00.058root 11241100x8000000000000000317123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:00.167{ec28ba6a-709b-61bc-30d8-78dfe0550000}5175/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-17 12:31:00.167root 11241100x8000000000000000317124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:00.556{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.974aebafede609c42021-12-17 12:31:00.556root 11241100x8000000000000000317125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:00.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a94796f18b1268ed2021-12-17 12:31:00.557root 11241100x8000000000000000317126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:00.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c06817fe3fc651822021-12-17 12:31:00.557root 11241100x8000000000000000317127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:00.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9141149cabf7ee072021-12-17 12:31:00.557root 11241100x8000000000000000317128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:00.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46437aead2c785892021-12-17 12:31:00.557root 11241100x8000000000000000317129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:00.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8881470817850712021-12-17 12:31:00.557root 11241100x8000000000000000317130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:00.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a322ad84743b0332021-12-17 12:31:00.558root 11241100x8000000000000000317131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:00.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54d3936b5ad384e02021-12-17 12:31:00.558root 11241100x8000000000000000317132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:00.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6571f4d7a1ba53982021-12-17 12:31:00.558root 11241100x8000000000000000317133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:00.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27198e888e94b45c2021-12-17 12:31:00.558root 11241100x8000000000000000317134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:00.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.274ca9d2ace3be172021-12-17 12:31:00.558root 11241100x8000000000000000317135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:01.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.404d5b4ef63f69ec2021-12-17 12:31:01.057root 11241100x8000000000000000317136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:01.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbc31e466549fb312021-12-17 12:31:01.057root 11241100x8000000000000000317137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:01.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebc974c451d5ad432021-12-17 12:31:01.057root 11241100x8000000000000000317138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:01.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c824ac94881826842021-12-17 12:31:01.057root 11241100x8000000000000000317139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:01.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.debb7fa75720e4f32021-12-17 12:31:01.057root 11241100x8000000000000000317140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:01.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c90b168ec47a41b52021-12-17 12:31:01.058root 11241100x8000000000000000317141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:01.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f48eb44117ce40c2021-12-17 12:31:01.058root 11241100x8000000000000000317142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:01.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.120d1bb339775a7f2021-12-17 12:31:01.058root 11241100x8000000000000000317143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:01.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b1f6730a08f651d2021-12-17 12:31:01.058root 11241100x8000000000000000317144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:01.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72d210c8207a9c502021-12-17 12:31:01.058root 11241100x8000000000000000317145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:01.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.802603b168b832b12021-12-17 12:31:01.058root 11241100x8000000000000000317146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:01.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b5fa8b7013ff88c2021-12-17 12:31:01.560root 11241100x8000000000000000317147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:01.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fadc5ee9ca47dcb2021-12-17 12:31:01.561root 11241100x8000000000000000317148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:01.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c079a8e53db33d482021-12-17 12:31:01.561root 11241100x8000000000000000317149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:01.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a44854060a55a542021-12-17 12:31:01.561root 11241100x8000000000000000317150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:01.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d03980ad025d4be82021-12-17 12:31:01.562root 11241100x8000000000000000317151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:01.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bbef1d4131beb9c2021-12-17 12:31:01.562root 11241100x8000000000000000317152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:01.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37e1a9b6eb74655b2021-12-17 12:31:01.562root 11241100x8000000000000000317153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:01.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07bb7154163edae82021-12-17 12:31:01.562root 11241100x8000000000000000317154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:01.563{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87a333c2ed5ed4fb2021-12-17 12:31:01.563root 11241100x8000000000000000317155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:01.563{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac18d91d2ad524e02021-12-17 12:31:01.563root 11241100x8000000000000000317156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:01.563{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54d79dec58f3bed02021-12-17 12:31:01.563root 354300x8000000000000000317157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:02.050{ec28ba6a-70a3-61bc-5175-3a0400000000}5248/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-44498-false10.0.1.12-8000- 11241100x8000000000000000317158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:02.050{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcd39bc00804d8ac2021-12-17 12:31:02.050root 11241100x8000000000000000317159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:02.051{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce2db326cec2d1bf2021-12-17 12:31:02.051root 11241100x8000000000000000317160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:02.051{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f811bfc4d0ff7cf2021-12-17 12:31:02.051root 11241100x8000000000000000317161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:02.051{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20b60d6d68ef3a2b2021-12-17 12:31:02.051root 11241100x8000000000000000317162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:02.051{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f209b0ca0c00fc682021-12-17 12:31:02.051root 11241100x8000000000000000317163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:02.051{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80c5ee469e42d74d2021-12-17 12:31:02.051root 11241100x8000000000000000317164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:02.051{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8576c6e50962e7a2021-12-17 12:31:02.051root 11241100x8000000000000000317165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:02.051{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.951bb415d06245572021-12-17 12:31:02.051root 11241100x8000000000000000317166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:02.051{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b129bd92f11ed3592021-12-17 12:31:02.051root 11241100x8000000000000000317167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:02.051{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.500005013d6c749b2021-12-17 12:31:02.051root 11241100x8000000000000000317168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:02.051{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.480da456453b22702021-12-17 12:31:02.051root 11241100x8000000000000000317169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:02.051{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad6d1cb481743e5d2021-12-17 12:31:02.051root 11241100x8000000000000000317170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:02.306{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddbc9828e14493fb2021-12-17 12:31:02.306root 11241100x8000000000000000317171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:02.307{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e7c650c6ed403a72021-12-17 12:31:02.307root 11241100x8000000000000000317172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:02.307{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3806ade7035bc6c22021-12-17 12:31:02.307root 11241100x8000000000000000317173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:02.307{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caae70e3b61ee6822021-12-17 12:31:02.307root 11241100x8000000000000000317174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:02.307{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e3616f056b9cbc42021-12-17 12:31:02.307root 11241100x8000000000000000317175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:02.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9130ea686d91f9112021-12-17 12:31:02.308root 11241100x8000000000000000317176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:02.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76b15de0b96adc702021-12-17 12:31:02.308root 11241100x8000000000000000317177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:02.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dbd6717941926042021-12-17 12:31:02.308root 11241100x8000000000000000317178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:02.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cdb01500f2544172021-12-17 12:31:02.308root 11241100x8000000000000000317179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:02.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46d9265c940456602021-12-17 12:31:02.308root 11241100x8000000000000000317180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:02.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a314f52da95acf42021-12-17 12:31:02.308root 11241100x8000000000000000317181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:02.309{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a9dadd2c1acad262021-12-17 12:31:02.309root 11241100x8000000000000000317182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:02.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.500877230cef85112021-12-17 12:31:02.807root 11241100x8000000000000000317183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:02.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92b23dccc1ca38952021-12-17 12:31:02.807root 11241100x8000000000000000317184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:02.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec6561b491fafb7d2021-12-17 12:31:02.807root 11241100x8000000000000000317185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:02.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4acfe3f2247f9e82021-12-17 12:31:02.807root 11241100x8000000000000000317186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:02.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52ab4a2371a8feeb2021-12-17 12:31:02.807root 11241100x8000000000000000317187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:02.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9832b647e37221c2021-12-17 12:31:02.807root 11241100x8000000000000000317188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:02.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5e85661211797902021-12-17 12:31:02.807root 11241100x8000000000000000317189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:02.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8724eca109fabdf2021-12-17 12:31:02.807root 11241100x8000000000000000317190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:02.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45b0633aaa8af4d22021-12-17 12:31:02.807root 11241100x8000000000000000317191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:02.808{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e7060165157753b2021-12-17 12:31:02.808root 11241100x8000000000000000317192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:02.808{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba7c7124f3d3e2b82021-12-17 12:31:02.808root 11241100x8000000000000000317193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:02.808{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.323d1e7c0ae73c042021-12-17 12:31:02.808root 23542300x8000000000000000317194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:03.169{ec28ba6a-709b-61bc-30d8-78dfe0550000}5175root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000317195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:03.170{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df87017bfe0cb7012021-12-17 12:31:03.170root 11241100x8000000000000000317196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:03.170{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5357e0b6b1791332021-12-17 12:31:03.170root 11241100x8000000000000000317197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:03.170{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.575e1822f183245d2021-12-17 12:31:03.170root 11241100x8000000000000000317198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:03.170{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6f6f848601b45842021-12-17 12:31:03.170root 11241100x8000000000000000317199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:03.171{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.617c999fef5b4fe32021-12-17 12:31:03.171root 11241100x8000000000000000317200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:03.171{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38773d78aa1858402021-12-17 12:31:03.171root 11241100x8000000000000000317201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:03.171{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf5f41c761d3c2752021-12-17 12:31:03.171root 11241100x8000000000000000317202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:03.171{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c7c53cb04f44c152021-12-17 12:31:03.171root 11241100x8000000000000000317203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:03.172{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13b86c700dbce41e2021-12-17 12:31:03.172root 11241100x8000000000000000317204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:03.172{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d476f4fc03ac5ef2021-12-17 12:31:03.172root 11241100x8000000000000000317205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:03.172{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.345497a70c84106b2021-12-17 12:31:03.172root 11241100x8000000000000000317206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:03.172{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9cd1bd8eb8934532021-12-17 12:31:03.172root 11241100x8000000000000000317207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:03.172{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a09adb429947baeb2021-12-17 12:31:03.172root 11241100x8000000000000000317208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:03.172{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42a6b4766b2311e52021-12-17 12:31:03.172root 11241100x8000000000000000317209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:03.172{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebc3d49e54210cf22021-12-17 12:31:03.172root 11241100x8000000000000000317210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:03.172{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.608b9e1431fe72e22021-12-17 12:31:03.172root 11241100x8000000000000000317211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:03.172{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1491c4ec2e42a1e2021-12-17 12:31:03.172root 11241100x8000000000000000317212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:03.172{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cea6c29dcb7b795a2021-12-17 12:31:03.172root 11241100x8000000000000000317213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:03.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6091ff7df7a2cfe72021-12-17 12:31:03.557root 11241100x8000000000000000317214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:03.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c901017c0734abd12021-12-17 12:31:03.557root 11241100x8000000000000000317215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:03.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.188e9b1e948ea0942021-12-17 12:31:03.557root 11241100x8000000000000000317216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:03.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6488d9efd4ce3ad42021-12-17 12:31:03.557root 11241100x8000000000000000317217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:03.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6291c4cac49558ee2021-12-17 12:31:03.557root 11241100x8000000000000000317218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:03.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84a57776014093122021-12-17 12:31:03.557root 11241100x8000000000000000317219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:03.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90aeac7279fe37eb2021-12-17 12:31:03.557root 11241100x8000000000000000317220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:03.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25e71446f9418f352021-12-17 12:31:03.557root 11241100x8000000000000000317221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:03.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fb63018f605b50d2021-12-17 12:31:03.557root 11241100x8000000000000000317222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:03.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6040deef3b5ec5c2021-12-17 12:31:03.558root 11241100x8000000000000000317223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:03.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50ab948ff945ff032021-12-17 12:31:03.558root 11241100x8000000000000000317224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:03.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c80521bdb222b13b2021-12-17 12:31:03.558root 11241100x8000000000000000317225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:03.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4855e54322051dc92021-12-17 12:31:03.558root 11241100x8000000000000000317226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:04.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d5c62f1dd30f25e2021-12-17 12:31:04.057root 11241100x8000000000000000317227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:04.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2ca2d2d5b38c5ed2021-12-17 12:31:04.057root 11241100x8000000000000000317228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:04.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8726f8c12abdc3b42021-12-17 12:31:04.057root 11241100x8000000000000000317229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:04.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.303c452c71ae2cb22021-12-17 12:31:04.057root 11241100x8000000000000000317230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:04.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a9d6056c31b3cf02021-12-17 12:31:04.057root 11241100x8000000000000000317231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:04.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fa512cab3a733db2021-12-17 12:31:04.057root 11241100x8000000000000000317232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:04.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38ca611ed62d35132021-12-17 12:31:04.057root 11241100x8000000000000000317233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:04.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e313a582e3c58fa2021-12-17 12:31:04.058root 11241100x8000000000000000317234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:04.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be744b44a6fc65b82021-12-17 12:31:04.058root 11241100x8000000000000000317235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:04.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47252ce620c4547a2021-12-17 12:31:04.058root 11241100x8000000000000000317236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:04.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b2290fdce34271e2021-12-17 12:31:04.058root 11241100x8000000000000000317237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:04.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d823e1b7ba2c77d22021-12-17 12:31:04.058root 11241100x8000000000000000317238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:04.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c54c62814de3950d2021-12-17 12:31:04.058root 11241100x8000000000000000317239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:04.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d497f4a27df96ce32021-12-17 12:31:04.557root 11241100x8000000000000000317240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:04.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.051a896c3bea28ff2021-12-17 12:31:04.557root 11241100x8000000000000000317241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:04.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a4888269980e9572021-12-17 12:31:04.557root 11241100x8000000000000000317242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:04.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.698c1cdf29c7be8a2021-12-17 12:31:04.557root 11241100x8000000000000000317243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:04.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcad5bd7a95b9ea82021-12-17 12:31:04.557root 11241100x8000000000000000317244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:04.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f08820e4bb593e92021-12-17 12:31:04.557root 11241100x8000000000000000317245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:04.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4925de3edc7bd75d2021-12-17 12:31:04.557root 11241100x8000000000000000317246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:04.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3330c62dca4c43e42021-12-17 12:31:04.557root 11241100x8000000000000000317247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:04.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7783a1c8b9667a842021-12-17 12:31:04.557root 11241100x8000000000000000317248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:04.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.973dd9e95e2eebbe2021-12-17 12:31:04.557root 11241100x8000000000000000317249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:04.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de62c40860bd7c582021-12-17 12:31:04.557root 11241100x8000000000000000317250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:04.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a7508fdd33798fa2021-12-17 12:31:04.558root 11241100x8000000000000000317251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:04.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1c4b82e42ae69952021-12-17 12:31:04.558root 11241100x8000000000000000317252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:05.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98a50077739eff202021-12-17 12:31:05.057root 11241100x8000000000000000317253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:05.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7740c7989c6b82e2021-12-17 12:31:05.057root 11241100x8000000000000000317254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:05.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f7422033a1871c72021-12-17 12:31:05.057root 11241100x8000000000000000317255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:05.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd48a4a0fb73ad762021-12-17 12:31:05.057root 11241100x8000000000000000317256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:05.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5bd0215950cb68c2021-12-17 12:31:05.057root 11241100x8000000000000000317257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:05.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccd9f510605a0d132021-12-17 12:31:05.058root 11241100x8000000000000000317258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:05.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed689cee3fdbda8f2021-12-17 12:31:05.058root 11241100x8000000000000000317259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:05.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59f4a321b3e4fbc72021-12-17 12:31:05.058root 11241100x8000000000000000317260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:05.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfa60a796e9b2a232021-12-17 12:31:05.058root 11241100x8000000000000000317261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:05.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78e3f3b15a15adb72021-12-17 12:31:05.058root 11241100x8000000000000000317262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:05.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c1a2b06dd0a4e232021-12-17 12:31:05.058root 11241100x8000000000000000317263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:05.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2adedc50cb70dec2021-12-17 12:31:05.058root 11241100x8000000000000000317264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:05.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.585c1359e1b655482021-12-17 12:31:05.058root 11241100x8000000000000000317265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:05.556{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b98b37bcf67021822021-12-17 12:31:05.556root 11241100x8000000000000000317266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:05.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d161422cdff54ef2021-12-17 12:31:05.557root 11241100x8000000000000000317267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:05.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfa2276527a02e852021-12-17 12:31:05.557root 11241100x8000000000000000317268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:05.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.556e7b706a030c6b2021-12-17 12:31:05.557root 11241100x8000000000000000317269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:05.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa5a11d1345fc3b62021-12-17 12:31:05.557root 11241100x8000000000000000317270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:05.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66e4a11a36f0f9ce2021-12-17 12:31:05.557root 11241100x8000000000000000317271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:05.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0137de6971da3e092021-12-17 12:31:05.557root 11241100x8000000000000000317272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:05.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.614957e5271c34ec2021-12-17 12:31:05.557root 11241100x8000000000000000317273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:05.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94fd447565582e242021-12-17 12:31:05.557root 11241100x8000000000000000317274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:05.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5be7963aa5918ab02021-12-17 12:31:05.557root 11241100x8000000000000000317275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:05.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dc97deff03c7cdf2021-12-17 12:31:05.558root 11241100x8000000000000000317276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:05.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.342ef19cb33f26c92021-12-17 12:31:05.558root 11241100x8000000000000000317277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:05.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b03065966334dc62021-12-17 12:31:05.558root 11241100x8000000000000000317278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:06.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c75bf58f33c8e79d2021-12-17 12:31:06.057root 11241100x8000000000000000317279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:06.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb86c1ee5577c20f2021-12-17 12:31:06.057root 11241100x8000000000000000317280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:06.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.333e508077a0b4c12021-12-17 12:31:06.057root 11241100x8000000000000000317281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:06.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.263006c3f97168522021-12-17 12:31:06.057root 11241100x8000000000000000317282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:06.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b93d278ada00e582021-12-17 12:31:06.057root 11241100x8000000000000000317283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:06.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8088e71b8d155e052021-12-17 12:31:06.057root 11241100x8000000000000000317284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:06.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.683451b8487921632021-12-17 12:31:06.057root 11241100x8000000000000000317285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:06.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8d1967242349f372021-12-17 12:31:06.057root 11241100x8000000000000000317286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:06.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0e75f58c38b2c482021-12-17 12:31:06.057root 11241100x8000000000000000317287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:06.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e05b9c0da97108b82021-12-17 12:31:06.057root 11241100x8000000000000000317288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:06.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5bdd118da25c1082021-12-17 12:31:06.058root 11241100x8000000000000000317289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:06.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7c2565ee3f2eac62021-12-17 12:31:06.058root 11241100x8000000000000000317290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:06.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50792436cb660fb62021-12-17 12:31:06.058root 11241100x8000000000000000317291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:06.556{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef104dda8cf866a22021-12-17 12:31:06.556root 11241100x8000000000000000317292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:06.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e9058f5900ac89d2021-12-17 12:31:06.557root 11241100x8000000000000000317293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:06.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87a4b943ca8f04e62021-12-17 12:31:06.557root 11241100x8000000000000000317294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:06.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3dc829a3327dbab2021-12-17 12:31:06.557root 11241100x8000000000000000317295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:06.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b48d4db69b33a3a2021-12-17 12:31:06.557root 11241100x8000000000000000317296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:06.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ba5578700c2fcf32021-12-17 12:31:06.557root 11241100x8000000000000000317297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:06.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5833c18de72fb2052021-12-17 12:31:06.558root 11241100x8000000000000000317298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:06.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ff320c653b9e66e2021-12-17 12:31:06.558root 11241100x8000000000000000317299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:06.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.574fa821a3a6a6272021-12-17 12:31:06.558root 11241100x8000000000000000317300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:06.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ff721b363a5f2ca2021-12-17 12:31:06.558root 11241100x8000000000000000317301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:06.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81a9e07bf3cb048b2021-12-17 12:31:06.558root 11241100x8000000000000000317302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:06.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc7be911ee5da7542021-12-17 12:31:06.558root 11241100x8000000000000000317303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:06.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad4cea60d23c57792021-12-17 12:31:06.558root 11241100x8000000000000000317304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:07.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.008a601dc0fc93582021-12-17 12:31:07.057root 11241100x8000000000000000317305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:07.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17fb5f502e65e32e2021-12-17 12:31:07.057root 11241100x8000000000000000317306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:07.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf0ebd58ef4bebce2021-12-17 12:31:07.057root 11241100x8000000000000000317307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:07.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3601a2444ac7f0952021-12-17 12:31:07.057root 11241100x8000000000000000317308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:07.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30ff8cd672561e612021-12-17 12:31:07.057root 11241100x8000000000000000317309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:07.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.611ba6cd8d5865ac2021-12-17 12:31:07.057root 11241100x8000000000000000317310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:07.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19e16cfbc9fd532e2021-12-17 12:31:07.057root 11241100x8000000000000000317311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:07.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15175951233741802021-12-17 12:31:07.057root 11241100x8000000000000000317312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:07.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff8931e621ecbe5c2021-12-17 12:31:07.057root 11241100x8000000000000000317313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:07.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9104a35b5348c6a2021-12-17 12:31:07.058root 11241100x8000000000000000317314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:07.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.219a8edd1f860b2e2021-12-17 12:31:07.058root 11241100x8000000000000000317315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:07.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.894d0b9c463bec0b2021-12-17 12:31:07.058root 11241100x8000000000000000317316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:07.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.909539f9f738c75d2021-12-17 12:31:07.058root 354300x8000000000000000317317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:07.210{ec28ba6a-70a3-61bc-5175-3a0400000000}5248/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-44500-false10.0.1.12-8000- 11241100x8000000000000000317318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:07.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58181f18362bfb4c2021-12-17 12:31:07.557root 11241100x8000000000000000317319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:07.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc4613b0fd6a2cf92021-12-17 12:31:07.557root 11241100x8000000000000000317320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:07.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e95b6358e7adb1ee2021-12-17 12:31:07.557root 11241100x8000000000000000317321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:07.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4626dbef700467102021-12-17 12:31:07.557root 11241100x8000000000000000317322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:07.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25acd74dea4e39a52021-12-17 12:31:07.557root 11241100x8000000000000000317323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:07.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.022c058b109f757e2021-12-17 12:31:07.557root 11241100x8000000000000000317324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:07.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c9d6dcc930f786a2021-12-17 12:31:07.557root 11241100x8000000000000000317325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:07.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22d266ce1be1f2ae2021-12-17 12:31:07.557root 11241100x8000000000000000317326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:07.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2953e01a718cd30f2021-12-17 12:31:07.557root 11241100x8000000000000000317327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:07.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72a35661d992194c2021-12-17 12:31:07.557root 11241100x8000000000000000317328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:07.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52bf9a5cf82ec3602021-12-17 12:31:07.558root 11241100x8000000000000000317329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:07.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bcc9cd491032de42021-12-17 12:31:07.558root 11241100x8000000000000000317330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:07.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34edd1ef63c8fe822021-12-17 12:31:07.558root 11241100x8000000000000000317331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:07.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eee4081c12e49e32021-12-17 12:31:07.558root 11241100x8000000000000000317332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:08.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20745c1a9a0a86602021-12-17 12:31:08.057root 11241100x8000000000000000317333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:08.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e5bac2ced0443292021-12-17 12:31:08.057root 11241100x8000000000000000317334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:08.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f8c655d0a61a2902021-12-17 12:31:08.057root 11241100x8000000000000000317335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:08.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caae03501a50d1d02021-12-17 12:31:08.057root 11241100x8000000000000000317336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:08.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6de8c8194f5a59112021-12-17 12:31:08.057root 11241100x8000000000000000317337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:08.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d6dd775a97e91692021-12-17 12:31:08.057root 11241100x8000000000000000317338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:08.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dbe599f2dd9c3e92021-12-17 12:31:08.057root 11241100x8000000000000000317339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:08.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11c9b6729ebd4b032021-12-17 12:31:08.057root 11241100x8000000000000000317340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:08.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d9e62cbc5e7bf4b2021-12-17 12:31:08.057root 11241100x8000000000000000317341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:08.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c2b4952dde4a1492021-12-17 12:31:08.057root 11241100x8000000000000000317342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:08.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.383dfa80121b88792021-12-17 12:31:08.057root 11241100x8000000000000000317343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:08.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f268de12d4fc7cdf2021-12-17 12:31:08.057root 11241100x8000000000000000317344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:08.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e42b7d554e553512021-12-17 12:31:08.057root 11241100x8000000000000000317345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:08.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1c6fec2a3e5402a2021-12-17 12:31:08.057root 11241100x8000000000000000317346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:08.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5ea5a0c4b7366ef2021-12-17 12:31:08.557root 11241100x8000000000000000317347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:08.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ddf915e80a910bd2021-12-17 12:31:08.557root 11241100x8000000000000000317348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:08.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.081afb75293442c82021-12-17 12:31:08.557root 11241100x8000000000000000317349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:08.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2c23c39f94624432021-12-17 12:31:08.557root 11241100x8000000000000000317350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:08.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23d254ac94eb0c312021-12-17 12:31:08.557root 11241100x8000000000000000317351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:08.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed8716e69dbf92932021-12-17 12:31:08.557root 11241100x8000000000000000317352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:08.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b35714b0a0701d942021-12-17 12:31:08.557root 11241100x8000000000000000317353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:08.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59aacc83b78dc9392021-12-17 12:31:08.557root 11241100x8000000000000000317354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:08.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5629a39598afa1f42021-12-17 12:31:08.557root 11241100x8000000000000000317355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:08.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89392daa9be73b352021-12-17 12:31:08.557root 11241100x8000000000000000317356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:08.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8674739d407a0892021-12-17 12:31:08.557root 11241100x8000000000000000317357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:08.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a85345b8ed04d102021-12-17 12:31:08.557root 11241100x8000000000000000317358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:08.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.236ed6e254ffef9d2021-12-17 12:31:08.557root 11241100x8000000000000000317359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:08.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4b8ed5a902b34402021-12-17 12:31:08.557root 11241100x8000000000000000317360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:09.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd0b5c59c21430a12021-12-17 12:31:09.057root 11241100x8000000000000000317361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:09.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3690a33631b56fd2021-12-17 12:31:09.057root 11241100x8000000000000000317362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:09.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f2c4eb8075c2d522021-12-17 12:31:09.057root 11241100x8000000000000000317363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:09.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2604b53307f7e7be2021-12-17 12:31:09.057root 11241100x8000000000000000317364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:09.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfd5112ec56776fd2021-12-17 12:31:09.057root 11241100x8000000000000000317365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:09.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf5501e4cf07b9062021-12-17 12:31:09.057root 11241100x8000000000000000317366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:09.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d1cd145df53c35a2021-12-17 12:31:09.057root 11241100x8000000000000000317367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:09.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4a44bca3990b5fb2021-12-17 12:31:09.057root 11241100x8000000000000000317368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:09.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2852906831e3b9802021-12-17 12:31:09.057root 11241100x8000000000000000317369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:09.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27e6270daaf0ac612021-12-17 12:31:09.057root 11241100x8000000000000000317370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:09.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ece10f0940c78d702021-12-17 12:31:09.057root 11241100x8000000000000000317371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:09.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1625723ec6c6f83d2021-12-17 12:31:09.057root 11241100x8000000000000000317372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:09.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.975467ac69b3b5dd2021-12-17 12:31:09.058root 11241100x8000000000000000317373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:09.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.929d03698219a3b32021-12-17 12:31:09.058root 11241100x8000000000000000317374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:09.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b77b6acf19deda4b2021-12-17 12:31:09.557root 11241100x8000000000000000317375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:09.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e179c668b58ece9b2021-12-17 12:31:09.557root 11241100x8000000000000000317376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:09.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f135dd194f580422021-12-17 12:31:09.557root 11241100x8000000000000000317377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:09.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3085a16405432642021-12-17 12:31:09.557root 11241100x8000000000000000317378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:09.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b81137b13ecefbc32021-12-17 12:31:09.557root 11241100x8000000000000000317379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:09.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bed876a5935277192021-12-17 12:31:09.557root 11241100x8000000000000000317380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:09.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0d49a8907e53f3e2021-12-17 12:31:09.557root 11241100x8000000000000000317381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:09.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32d2f01031c3004f2021-12-17 12:31:09.557root 11241100x8000000000000000317382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:09.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c98305ae50604f32021-12-17 12:31:09.557root 11241100x8000000000000000317383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:09.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fbb3276b0f8cf522021-12-17 12:31:09.557root 11241100x8000000000000000317384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:09.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d33242a402e896a2021-12-17 12:31:09.557root 11241100x8000000000000000317385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:09.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e5c20f4fd66e28e2021-12-17 12:31:09.557root 11241100x8000000000000000317386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:09.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2e93247226679b82021-12-17 12:31:09.557root 11241100x8000000000000000317387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:09.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ab5e14301dc3c562021-12-17 12:31:09.557root 11241100x8000000000000000317388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:10.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f077dfa058955e5f2021-12-17 12:31:10.057root 11241100x8000000000000000317389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:10.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.450f60a1da4e3de12021-12-17 12:31:10.057root 11241100x8000000000000000317390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:10.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cd03d27a8e0baea2021-12-17 12:31:10.057root 11241100x8000000000000000317391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:10.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0dd8b2b1c8e3e6c2021-12-17 12:31:10.057root 11241100x8000000000000000317392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:10.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52421a7555dc58332021-12-17 12:31:10.057root 11241100x8000000000000000317393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:10.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f09b1d7cbf0ea34f2021-12-17 12:31:10.057root 11241100x8000000000000000317394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:10.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8536cd7b921b1ff32021-12-17 12:31:10.057root 11241100x8000000000000000317395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:10.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e6804f5615811772021-12-17 12:31:10.057root 11241100x8000000000000000317396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:10.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c2687235b113fae2021-12-17 12:31:10.057root 11241100x8000000000000000317397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:10.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.893096a3e8e8b9e52021-12-17 12:31:10.057root 11241100x8000000000000000317398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:10.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce272b1ed3c1959a2021-12-17 12:31:10.057root 11241100x8000000000000000317399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:10.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b51b91fa6ae1c1ef2021-12-17 12:31:10.057root 11241100x8000000000000000317400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:10.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.495585f305eb09982021-12-17 12:31:10.058root 11241100x8000000000000000317401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:10.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9ddba9669e47e452021-12-17 12:31:10.058root 11241100x8000000000000000317402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:10.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ff875bd936686cf2021-12-17 12:31:10.557root 11241100x8000000000000000317403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:10.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc33bcc15ffff1742021-12-17 12:31:10.557root 11241100x8000000000000000317404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:10.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71e1d837218c3ce92021-12-17 12:31:10.557root 11241100x8000000000000000317405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:10.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a367cc06e2d64c232021-12-17 12:31:10.557root 11241100x8000000000000000317406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:10.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99483110b86106612021-12-17 12:31:10.557root 11241100x8000000000000000317407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:10.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.747f37cc4482d3972021-12-17 12:31:10.557root 11241100x8000000000000000317408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:10.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db4b7ec7e44f64292021-12-17 12:31:10.557root 11241100x8000000000000000317409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:10.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.685dc570892754a32021-12-17 12:31:10.557root 11241100x8000000000000000317410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:10.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d9f0bcc61c472252021-12-17 12:31:10.557root 11241100x8000000000000000317411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:10.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27ecf16e03243f022021-12-17 12:31:10.557root 11241100x8000000000000000317412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:10.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1941e43233282b7a2021-12-17 12:31:10.557root 11241100x8000000000000000317413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:10.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a35d59f149676b2d2021-12-17 12:31:10.557root 11241100x8000000000000000317414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:10.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b65e7f9da4bf42032021-12-17 12:31:10.558root 11241100x8000000000000000317415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:10.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.941b5d47f913d41c2021-12-17 12:31:10.558root 11241100x8000000000000000317416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:11.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d99fe517a0d969722021-12-17 12:31:11.057root 11241100x8000000000000000317417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:11.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c52f56c40e0c86b12021-12-17 12:31:11.057root 11241100x8000000000000000317418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:11.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb9cc7401bde17222021-12-17 12:31:11.057root 11241100x8000000000000000317419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:11.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca7b042275db570d2021-12-17 12:31:11.057root 11241100x8000000000000000317420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:11.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d1602ebff884e4b2021-12-17 12:31:11.057root 11241100x8000000000000000317421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:11.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92417d11adc6ba142021-12-17 12:31:11.057root 11241100x8000000000000000317422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:11.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6141c1d6b8449f12021-12-17 12:31:11.057root 11241100x8000000000000000317423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:11.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11430e016ae963eb2021-12-17 12:31:11.057root 11241100x8000000000000000317424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:11.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3085062f15c645a22021-12-17 12:31:11.057root 11241100x8000000000000000317425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:11.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93401a9c0ea372a62021-12-17 12:31:11.057root 11241100x8000000000000000317426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:11.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13c58eae871acfe92021-12-17 12:31:11.058root 11241100x8000000000000000317427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:11.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb4a72addad0662f2021-12-17 12:31:11.058root 11241100x8000000000000000317428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:11.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.231c84bc451e7a522021-12-17 12:31:11.058root 11241100x8000000000000000317429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:11.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.567f440564f5099f2021-12-17 12:31:11.058root 11241100x8000000000000000317430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:11.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d048365dbb5308802021-12-17 12:31:11.557root 11241100x8000000000000000317431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:11.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d1da93356b6a44f2021-12-17 12:31:11.557root 11241100x8000000000000000317432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:11.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dce990bebb15d95a2021-12-17 12:31:11.557root 11241100x8000000000000000317433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:11.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca7395bce7c486a02021-12-17 12:31:11.557root 11241100x8000000000000000317434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:11.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6dbac1f871d6fce2021-12-17 12:31:11.557root 11241100x8000000000000000317435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:11.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6edea853dad584152021-12-17 12:31:11.557root 11241100x8000000000000000317436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:11.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7046755de14c347e2021-12-17 12:31:11.557root 11241100x8000000000000000317437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:11.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03f85de1c321ebeb2021-12-17 12:31:11.558root 11241100x8000000000000000317438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:11.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6c5083991de620f2021-12-17 12:31:11.558root 11241100x8000000000000000317439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:11.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31e0971a615882072021-12-17 12:31:11.558root 11241100x8000000000000000317440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:11.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65a2d5f39bc777a72021-12-17 12:31:11.558root 11241100x8000000000000000317441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:11.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f777af057c2def4c2021-12-17 12:31:11.558root 11241100x8000000000000000317442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:11.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.515cfc4d71727f3e2021-12-17 12:31:11.558root 11241100x8000000000000000317443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:11.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.938473c4f4fea36d2021-12-17 12:31:11.558root 11241100x8000000000000000317444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:12.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94e751dfb5a791852021-12-17 12:31:12.057root 11241100x8000000000000000317445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:12.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8275cc74e9a660152021-12-17 12:31:12.057root 11241100x8000000000000000317446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:12.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c47c021810f93f552021-12-17 12:31:12.057root 11241100x8000000000000000317447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:12.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0b0ec9a05fb723d2021-12-17 12:31:12.057root 11241100x8000000000000000317448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:12.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.327c5f0795e51ab82021-12-17 12:31:12.057root 11241100x8000000000000000317449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:12.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82babe992d81d62a2021-12-17 12:31:12.057root 11241100x8000000000000000317450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:12.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7748d490c29f96da2021-12-17 12:31:12.057root 11241100x8000000000000000317451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:12.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7476d4fda2a59222021-12-17 12:31:12.057root 11241100x8000000000000000317452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:12.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e0d8e4f49403ae52021-12-17 12:31:12.057root 11241100x8000000000000000317453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:12.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05f3fe245d806c2a2021-12-17 12:31:12.057root 11241100x8000000000000000317454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:12.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e01421a5b18178152021-12-17 12:31:12.057root 11241100x8000000000000000317455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:12.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eb3b63ad44db1e42021-12-17 12:31:12.057root 11241100x8000000000000000317456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:12.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a443e5ef66406572021-12-17 12:31:12.058root 11241100x8000000000000000317457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:12.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42ad6fc287b21bc02021-12-17 12:31:12.058root 11241100x8000000000000000317458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:12.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa335dcadae5a7d32021-12-17 12:31:12.557root 11241100x8000000000000000317459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:12.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78bd2dfc9107f1e92021-12-17 12:31:12.557root 11241100x8000000000000000317460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:12.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b30ff534439397612021-12-17 12:31:12.557root 11241100x8000000000000000317461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:12.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.381a3ff9e79d1c552021-12-17 12:31:12.557root 11241100x8000000000000000317462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:12.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d47e1e14dae85a32021-12-17 12:31:12.557root 11241100x8000000000000000317463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:12.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f7b7908dd13231d2021-12-17 12:31:12.557root 11241100x8000000000000000317464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:12.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c733cf4a50a494122021-12-17 12:31:12.557root 11241100x8000000000000000317465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:12.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8550b632fcc65a502021-12-17 12:31:12.557root 11241100x8000000000000000317466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:12.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0fe380d3a71e3442021-12-17 12:31:12.557root 11241100x8000000000000000317467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:12.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19ac6cb8ee7e59292021-12-17 12:31:12.557root 11241100x8000000000000000317468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:12.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.093a4617cf72928d2021-12-17 12:31:12.557root 11241100x8000000000000000317469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:12.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba281de59043555c2021-12-17 12:31:12.557root 11241100x8000000000000000317470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:12.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e929ae4c3c09dfc92021-12-17 12:31:12.557root 11241100x8000000000000000317471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:12.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.720f3819e4a239b32021-12-17 12:31:12.558root 11241100x8000000000000000317472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:13.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e938f78992f0afb72021-12-17 12:31:13.057root 11241100x8000000000000000317473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:13.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59105fa18d2792eb2021-12-17 12:31:13.057root 11241100x8000000000000000317474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:13.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc123cafd412ed252021-12-17 12:31:13.057root 11241100x8000000000000000317475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:13.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d35ef3ca63c29b2f2021-12-17 12:31:13.057root 11241100x8000000000000000317476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:13.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2ea8f7bfd0ef86c2021-12-17 12:31:13.057root 11241100x8000000000000000317477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:13.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5545c4b5681ce8d62021-12-17 12:31:13.057root 11241100x8000000000000000317478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:13.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c6b41400e8323692021-12-17 12:31:13.057root 11241100x8000000000000000317479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:13.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b559bacf7e4f9252021-12-17 12:31:13.057root 11241100x8000000000000000317480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:13.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b04bdd4e3ce7737c2021-12-17 12:31:13.057root 11241100x8000000000000000317481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:13.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbb636c92740b43d2021-12-17 12:31:13.057root 11241100x8000000000000000317482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:13.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12cf5241b903983f2021-12-17 12:31:13.057root 11241100x8000000000000000317483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:13.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.558df47430aebade2021-12-17 12:31:13.058root 11241100x8000000000000000317484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:13.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.916c8222ffb2820b2021-12-17 12:31:13.058root 11241100x8000000000000000317485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:13.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93d1cb39882587272021-12-17 12:31:13.058root 11241100x8000000000000000317486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:13.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c2339df23ac1aac2021-12-17 12:31:13.557root 11241100x8000000000000000317487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:13.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a79fa5c66b9187452021-12-17 12:31:13.557root 11241100x8000000000000000317488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:13.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee9b48795af5f7ae2021-12-17 12:31:13.557root 11241100x8000000000000000317489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:13.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b585166534d470a2021-12-17 12:31:13.557root 11241100x8000000000000000317490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:13.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7787c7c0646853d2021-12-17 12:31:13.557root 11241100x8000000000000000317491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:13.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cba7f2c9cc29db692021-12-17 12:31:13.557root 11241100x8000000000000000317492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:13.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c883896a233c548c2021-12-17 12:31:13.557root 11241100x8000000000000000317493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:13.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57a83bf8d1bd35cd2021-12-17 12:31:13.557root 11241100x8000000000000000317494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:13.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98c73f5be93c63552021-12-17 12:31:13.557root 11241100x8000000000000000317495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:13.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5baccb75ea179a22021-12-17 12:31:13.557root 11241100x8000000000000000317496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:13.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73748705860fe0c52021-12-17 12:31:13.557root 11241100x8000000000000000317497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:13.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2090dda2d4246e8b2021-12-17 12:31:13.557root 11241100x8000000000000000317498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:13.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3b380f70c63caa42021-12-17 12:31:13.557root 11241100x8000000000000000317499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:13.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3f5c65e32440a062021-12-17 12:31:13.558root 11241100x8000000000000000317500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:14.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41d9466dfe20eed22021-12-17 12:31:14.057root 11241100x8000000000000000317501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:14.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.936136fd13837cc12021-12-17 12:31:14.057root 11241100x8000000000000000317502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:14.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6d2714d621b7ec82021-12-17 12:31:14.058root 11241100x8000000000000000317503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:14.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1c5de58cc715de92021-12-17 12:31:14.058root 11241100x8000000000000000317504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:14.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.151c32330b8c58de2021-12-17 12:31:14.059root 11241100x8000000000000000317505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:14.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1af5e031ea17b52e2021-12-17 12:31:14.059root 11241100x8000000000000000317506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:14.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83334c47238f6dc72021-12-17 12:31:14.059root 11241100x8000000000000000317507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:14.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39938a14628b3d0c2021-12-17 12:31:14.059root 11241100x8000000000000000317508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:14.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.921e89bbf25325d32021-12-17 12:31:14.059root 11241100x8000000000000000317509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:14.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa5395a3836d8e102021-12-17 12:31:14.060root 11241100x8000000000000000317510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:14.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fc743374754e4bc2021-12-17 12:31:14.060root 11241100x8000000000000000317511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:14.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d8dae31a2c02a922021-12-17 12:31:14.060root 11241100x8000000000000000317512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:14.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a44616cf17dfd0a2021-12-17 12:31:14.060root 11241100x8000000000000000317513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:14.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa146b3bd9a8ffa12021-12-17 12:31:14.060root 11241100x8000000000000000317514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:14.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab64303c9708368b2021-12-17 12:31:14.557root 11241100x8000000000000000317515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:14.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ccb2e6b90262c2e2021-12-17 12:31:14.557root 11241100x8000000000000000317516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:14.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67c11f8eec4a251c2021-12-17 12:31:14.557root 11241100x8000000000000000317517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:14.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae49c0f7feefa2b72021-12-17 12:31:14.557root 11241100x8000000000000000317518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:14.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d34fd897f732d1b2021-12-17 12:31:14.557root 11241100x8000000000000000317519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:14.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ecf6e04e1b824772021-12-17 12:31:14.557root 11241100x8000000000000000317520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:14.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.549717e4ed4b60082021-12-17 12:31:14.557root 11241100x8000000000000000317521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:14.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c03a13e4c1d057362021-12-17 12:31:14.557root 11241100x8000000000000000317522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:14.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.769367b5320814c22021-12-17 12:31:14.557root 11241100x8000000000000000317523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:14.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5db224fc2a93e9812021-12-17 12:31:14.558root 11241100x8000000000000000317524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:14.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1ee1e44e9c50d992021-12-17 12:31:14.558root 11241100x8000000000000000317525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:14.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1953ab34af04ec9f2021-12-17 12:31:14.558root 11241100x8000000000000000317526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:14.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fe0596f5bf5e0342021-12-17 12:31:14.558root 11241100x8000000000000000317527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:14.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c12700226cb1f3642021-12-17 12:31:14.558root 11241100x8000000000000000317528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:15.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c883a23a042872392021-12-17 12:31:15.057root 11241100x8000000000000000317529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:15.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.428d9285a904692b2021-12-17 12:31:15.057root 11241100x8000000000000000317530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:15.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f803dea913f1b6e02021-12-17 12:31:15.057root 11241100x8000000000000000317531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:15.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1664944930c662f02021-12-17 12:31:15.057root 11241100x8000000000000000317532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:15.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b45929ae0a6fd612021-12-17 12:31:15.057root 11241100x8000000000000000317533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:15.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f8a5646b3016ee12021-12-17 12:31:15.057root 11241100x8000000000000000317534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:15.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b3419c9dafb9a142021-12-17 12:31:15.057root 11241100x8000000000000000317535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:15.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a202f6974f422f072021-12-17 12:31:15.057root 11241100x8000000000000000317536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:15.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2481124501940cff2021-12-17 12:31:15.057root 11241100x8000000000000000317537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:15.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8c3915f710a026b2021-12-17 12:31:15.058root 11241100x8000000000000000317538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:15.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdce204837e196a22021-12-17 12:31:15.058root 11241100x8000000000000000317539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:15.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0da0ed07ce74cb6f2021-12-17 12:31:15.058root 11241100x8000000000000000317540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:15.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0cf5a2f450ee42e2021-12-17 12:31:15.058root 11241100x8000000000000000317541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:15.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5196cfdc7c8137422021-12-17 12:31:15.058root 11241100x8000000000000000317542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:15.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0cfc0dcfc7d30052021-12-17 12:31:15.557root 11241100x8000000000000000317543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:15.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41211c653449cb642021-12-17 12:31:15.557root 11241100x8000000000000000317544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:15.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8e06301b8434a532021-12-17 12:31:15.557root 11241100x8000000000000000317545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:15.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3cde09ec7078e2f2021-12-17 12:31:15.557root 11241100x8000000000000000317546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:15.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0325ffe266b8d22c2021-12-17 12:31:15.557root 11241100x8000000000000000317547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:15.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.707d7af0d134aaa62021-12-17 12:31:15.557root 11241100x8000000000000000317548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:15.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80431527eac5d4372021-12-17 12:31:15.557root 11241100x8000000000000000317549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:15.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.504d45e6c1bb70b52021-12-17 12:31:15.557root 11241100x8000000000000000317550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:15.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.982a65e989c72bd02021-12-17 12:31:15.557root 11241100x8000000000000000317551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:15.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8385120828e52e392021-12-17 12:31:15.557root 11241100x8000000000000000317552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:15.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b90e9b1e5ef16452021-12-17 12:31:15.557root 11241100x8000000000000000317553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:15.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba1a27812de855ac2021-12-17 12:31:15.557root 11241100x8000000000000000317554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:15.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cde9746205a06282021-12-17 12:31:15.557root 11241100x8000000000000000317555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:15.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63ad680f04fd51fb2021-12-17 12:31:15.558root 11241100x8000000000000000317556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:16.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43ac673af0e4b8282021-12-17 12:31:16.057root 11241100x8000000000000000317557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:16.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4278249ad23806a2021-12-17 12:31:16.057root 11241100x8000000000000000317558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:16.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caa1951d3eb2c6292021-12-17 12:31:16.057root 11241100x8000000000000000317559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:16.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d1fcb664b47897c2021-12-17 12:31:16.057root 11241100x8000000000000000317560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:16.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2b0a86dc0b977e12021-12-17 12:31:16.057root 11241100x8000000000000000317561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:16.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18aa451ec06e7d502021-12-17 12:31:16.057root 11241100x8000000000000000317562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:16.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b610f5459c96ab852021-12-17 12:31:16.057root 11241100x8000000000000000317563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:16.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f1729c60f9f670e2021-12-17 12:31:16.057root 11241100x8000000000000000317564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:16.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.834874c718972a1d2021-12-17 12:31:16.057root 11241100x8000000000000000317565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:16.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a927fb23d65aeb812021-12-17 12:31:16.057root 11241100x8000000000000000317566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:16.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2cc1fe9299caf8f2021-12-17 12:31:16.057root 11241100x8000000000000000317567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:16.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96434452491d1ac42021-12-17 12:31:16.058root 11241100x8000000000000000317568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:16.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecd039f2aaa490c92021-12-17 12:31:16.058root 11241100x8000000000000000317569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:16.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0a7cbcef2b333992021-12-17 12:31:16.058root 11241100x8000000000000000317570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:16.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4b09adc33231acf2021-12-17 12:31:16.557root 11241100x8000000000000000317571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:16.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52c0227ab72cbf3d2021-12-17 12:31:16.557root 11241100x8000000000000000317572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:16.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.623d4275e1a795c22021-12-17 12:31:16.557root 11241100x8000000000000000317573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:16.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44b1483920c555ee2021-12-17 12:31:16.557root 11241100x8000000000000000317574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:16.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e90c1ef8e1af9c942021-12-17 12:31:16.557root 11241100x8000000000000000317575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:16.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80ab390f937e55a52021-12-17 12:31:16.557root 11241100x8000000000000000317576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:16.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10c5f5946c0ca4042021-12-17 12:31:16.557root 11241100x8000000000000000317577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:16.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7974073df7d2dfb92021-12-17 12:31:16.557root 11241100x8000000000000000317578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:16.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dd66e18712b38c62021-12-17 12:31:16.557root 11241100x8000000000000000317579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:16.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.423f21eec76daf502021-12-17 12:31:16.557root 11241100x8000000000000000317580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:16.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5857eb296f27c4a62021-12-17 12:31:16.557root 11241100x8000000000000000317581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:16.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.693597d771c2f3b92021-12-17 12:31:16.558root 11241100x8000000000000000317582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:16.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.239c97d51ac75fe72021-12-17 12:31:16.558root 11241100x8000000000000000317583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:16.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e010da7cc2533bb42021-12-17 12:31:16.558root 11241100x8000000000000000317584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:17.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7205f83e0eb8e6ec2021-12-17 12:31:17.057root 11241100x8000000000000000317585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:17.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3079e45a61880082021-12-17 12:31:17.057root 11241100x8000000000000000317586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:17.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8109db76408398342021-12-17 12:31:17.057root 11241100x8000000000000000317587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:17.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3a9eff30e8afea72021-12-17 12:31:17.057root 11241100x8000000000000000317588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:17.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02e27314f65f7eb22021-12-17 12:31:17.057root 11241100x8000000000000000317589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:17.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b093b0d26f3375402021-12-17 12:31:17.057root 11241100x8000000000000000317590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:17.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e03236d1dbcea922021-12-17 12:31:17.057root 11241100x8000000000000000317591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:17.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04ffa14a68df2b6c2021-12-17 12:31:17.057root 11241100x8000000000000000317592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:17.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.481280951aa2eab22021-12-17 12:31:17.057root 11241100x8000000000000000317593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:17.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceccbaf18f55c4892021-12-17 12:31:17.057root 11241100x8000000000000000317594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:17.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd6edb395ff84d1a2021-12-17 12:31:17.057root 11241100x8000000000000000317595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:17.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bd0f701f1d9cbfd2021-12-17 12:31:17.058root 11241100x8000000000000000317596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:17.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e0348848971e7342021-12-17 12:31:17.058root 11241100x8000000000000000317597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:17.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.399ff3b49adc42f12021-12-17 12:31:17.058root 11241100x8000000000000000317598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:17.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9fa9edbf557f97d2021-12-17 12:31:17.557root 11241100x8000000000000000317599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:17.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2f9650985c5ed892021-12-17 12:31:17.557root 11241100x8000000000000000317600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:17.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4492254103fc46282021-12-17 12:31:17.557root 11241100x8000000000000000317601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:17.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc25a2f92fda11182021-12-17 12:31:17.557root 11241100x8000000000000000317602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:17.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ec17e74bd69241b2021-12-17 12:31:17.557root 11241100x8000000000000000317603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:17.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8cc1a4dce9c769d2021-12-17 12:31:17.557root 11241100x8000000000000000317604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:17.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f11f84942686f902021-12-17 12:31:17.557root 11241100x8000000000000000317605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:17.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc494db9049150262021-12-17 12:31:17.557root 11241100x8000000000000000317606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:17.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56d09f3333e773972021-12-17 12:31:17.557root 11241100x8000000000000000317607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:17.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b894342c8f9aba2d2021-12-17 12:31:17.557root 11241100x8000000000000000317608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:17.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.674e906f661ba00a2021-12-17 12:31:17.557root 11241100x8000000000000000317609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:17.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97596799cbefb6362021-12-17 12:31:17.557root 11241100x8000000000000000317610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:17.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b22d5d328e0816312021-12-17 12:31:17.558root 11241100x8000000000000000317611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:17.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ecc44f34749afba2021-12-17 12:31:17.558root 11241100x8000000000000000317612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:18.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7fe9a2471bef7732021-12-17 12:31:18.057root 11241100x8000000000000000317613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:18.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d5c96daada3ee5e2021-12-17 12:31:18.057root 11241100x8000000000000000317614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:18.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32ba8393988a550a2021-12-17 12:31:18.057root 11241100x8000000000000000317615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:18.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a074a837846e95f32021-12-17 12:31:18.057root 11241100x8000000000000000317616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:18.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5293c35e1ff715b2021-12-17 12:31:18.057root 11241100x8000000000000000317617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:18.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42dbb96b4dc932cd2021-12-17 12:31:18.057root 11241100x8000000000000000317618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:18.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93f66c2d670a54cc2021-12-17 12:31:18.057root 11241100x8000000000000000317619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:18.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.325bc6745a26c61d2021-12-17 12:31:18.057root 11241100x8000000000000000317620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:18.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fe210c4dea683432021-12-17 12:31:18.057root 11241100x8000000000000000317621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:18.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82267d81a7c502ed2021-12-17 12:31:18.057root 11241100x8000000000000000317622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:18.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b11975796fc6fd412021-12-17 12:31:18.057root 11241100x8000000000000000317623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:18.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27de388437a2dbe52021-12-17 12:31:18.057root 11241100x8000000000000000317624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:18.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25f0954e3b10d5f62021-12-17 12:31:18.057root 11241100x8000000000000000317625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:18.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a3f07d87daff6562021-12-17 12:31:18.058root 354300x8000000000000000317626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:18.235{ec28ba6a-70a3-61bc-5175-3a0400000000}5248/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-44504-false10.0.1.12-8000- 11241100x8000000000000000317627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:18.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2681a64e5ac76302021-12-17 12:31:18.557root 11241100x8000000000000000317628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:18.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69286994dfc1ebed2021-12-17 12:31:18.557root 11241100x8000000000000000317629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:18.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31f23e3bd68a3e582021-12-17 12:31:18.557root 11241100x8000000000000000317630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:18.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0b27d648a26f0612021-12-17 12:31:18.557root 11241100x8000000000000000317631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:18.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.327d7fab90523d572021-12-17 12:31:18.557root 11241100x8000000000000000317632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:18.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4a9fb3e2d53816f2021-12-17 12:31:18.557root 11241100x8000000000000000317633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:18.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8530b4db42528aec2021-12-17 12:31:18.557root 11241100x8000000000000000317634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:18.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.261410e2a2dc67a02021-12-17 12:31:18.557root 11241100x8000000000000000317635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:18.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b17d762d979ad312021-12-17 12:31:18.557root 11241100x8000000000000000317636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:18.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6243d714a98a67712021-12-17 12:31:18.558root 11241100x8000000000000000317637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:18.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.072f243d81d425df2021-12-17 12:31:18.558root 11241100x8000000000000000317638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:18.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acb1874f4c6065932021-12-17 12:31:18.558root 11241100x8000000000000000317639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:18.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e742a374bb2e050c2021-12-17 12:31:18.558root 11241100x8000000000000000317640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:18.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b8c5f44bb83ec182021-12-17 12:31:18.558root 11241100x8000000000000000317641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:18.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09b0b0f0cb239d972021-12-17 12:31:18.558root 11241100x8000000000000000317642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:19.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df2fa8062448878e2021-12-17 12:31:19.057root 11241100x8000000000000000317643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:19.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abea81b6e9c65fa62021-12-17 12:31:19.057root 11241100x8000000000000000317644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:19.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bf3247581f92f062021-12-17 12:31:19.057root 11241100x8000000000000000317645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:19.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bfcafc6356e74012021-12-17 12:31:19.057root 11241100x8000000000000000317646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:19.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54785c252d76b9842021-12-17 12:31:19.057root 11241100x8000000000000000317647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:19.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2e39d68b33d3a482021-12-17 12:31:19.057root 11241100x8000000000000000317648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:19.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fc836b11010da9d2021-12-17 12:31:19.057root 11241100x8000000000000000317649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:19.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82324af5c88f8dfd2021-12-17 12:31:19.057root 11241100x8000000000000000317650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:19.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2046aec08d4fa182021-12-17 12:31:19.057root 11241100x8000000000000000317651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:19.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54d9fe507239e5962021-12-17 12:31:19.057root 11241100x8000000000000000317652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:19.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51b2a5dd6ce8908b2021-12-17 12:31:19.057root 11241100x8000000000000000317653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:19.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7fb1dcdf44dfbc42021-12-17 12:31:19.057root 11241100x8000000000000000317654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:19.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68275e68ed57f0ca2021-12-17 12:31:19.058root 11241100x8000000000000000317655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:19.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4b5eea5b534fe822021-12-17 12:31:19.058root 11241100x8000000000000000317656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:19.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef00cfb62cbb2dc42021-12-17 12:31:19.058root 11241100x8000000000000000317657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:19.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9b471e729c0c1552021-12-17 12:31:19.557root 11241100x8000000000000000317658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:19.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2c2251e52ac12102021-12-17 12:31:19.557root 11241100x8000000000000000317659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:19.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1fc68aae01840b02021-12-17 12:31:19.557root 11241100x8000000000000000317660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:19.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55e0e112ba0d9c302021-12-17 12:31:19.557root 11241100x8000000000000000317661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:19.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceb1ebc3918e5f812021-12-17 12:31:19.557root 11241100x8000000000000000317662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:19.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ab2a9d51bb65c002021-12-17 12:31:19.557root 11241100x8000000000000000317663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:19.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ba034aa4d63566c2021-12-17 12:31:19.557root 11241100x8000000000000000317664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:19.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aff0086d61d2320c2021-12-17 12:31:19.557root 11241100x8000000000000000317665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:19.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed5a9420f1ac97502021-12-17 12:31:19.557root 11241100x8000000000000000317666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:19.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68ab51ea1a25f2fa2021-12-17 12:31:19.557root 11241100x8000000000000000317667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:19.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f36f72bd26bb2cfa2021-12-17 12:31:19.557root 11241100x8000000000000000317668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:19.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.576b76b1690c0d472021-12-17 12:31:19.557root 11241100x8000000000000000317669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:19.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37c38f96084376d32021-12-17 12:31:19.557root 11241100x8000000000000000317670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:19.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea38e2d15915fe9e2021-12-17 12:31:19.558root 11241100x8000000000000000317671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:19.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc673d6841f9c7f52021-12-17 12:31:19.558root 11241100x8000000000000000317672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:20.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51c0abe9ca6febfb2021-12-17 12:31:20.057root 11241100x8000000000000000317673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:20.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.207c0d61d683dfb82021-12-17 12:31:20.057root 11241100x8000000000000000317674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:20.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60ed3d11924018552021-12-17 12:31:20.057root 11241100x8000000000000000317675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:20.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c71c621a11b74c72021-12-17 12:31:20.057root 11241100x8000000000000000317676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:20.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95058901240152c72021-12-17 12:31:20.057root 11241100x8000000000000000317677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:20.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fed06ee7c7fb901f2021-12-17 12:31:20.057root 11241100x8000000000000000317678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:20.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67f5da2a591e2e222021-12-17 12:31:20.057root 11241100x8000000000000000317679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:20.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.055c229dfa6866422021-12-17 12:31:20.057root 11241100x8000000000000000317680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:20.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7ae79a62ad123eb2021-12-17 12:31:20.057root 11241100x8000000000000000317681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:20.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d6b4d70d64e31052021-12-17 12:31:20.057root 11241100x8000000000000000317682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:20.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d66a48930eae42312021-12-17 12:31:20.057root 11241100x8000000000000000317683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:20.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e7cd0b31f041a592021-12-17 12:31:20.057root 11241100x8000000000000000317684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:20.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6707fd221037d8f72021-12-17 12:31:20.058root 11241100x8000000000000000317685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:20.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f846a135d22eb352021-12-17 12:31:20.058root 11241100x8000000000000000317686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:20.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.addb5b5f5e5c545e2021-12-17 12:31:20.058root 11241100x8000000000000000317687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:20.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b61f06394c4881d2021-12-17 12:31:20.557root 11241100x8000000000000000317688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:20.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.839d1eefc18d5cc92021-12-17 12:31:20.557root 11241100x8000000000000000317689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:20.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f078585771f5c1c2021-12-17 12:31:20.557root 11241100x8000000000000000317690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:20.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61fb7f238f6b4b932021-12-17 12:31:20.557root 11241100x8000000000000000317691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:20.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bccfe6829572234d2021-12-17 12:31:20.557root 11241100x8000000000000000317692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:20.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d092e5d6c4bad9e62021-12-17 12:31:20.557root 11241100x8000000000000000317693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:20.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21f5b9e52227c1222021-12-17 12:31:20.557root 11241100x8000000000000000317694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:20.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3558ebc444b48c3e2021-12-17 12:31:20.557root 11241100x8000000000000000317695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:20.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e384937c6127bcb02021-12-17 12:31:20.557root 11241100x8000000000000000317696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:20.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d09dbdb07846bf4f2021-12-17 12:31:20.557root 11241100x8000000000000000317697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:20.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91eb1de408273a082021-12-17 12:31:20.557root 11241100x8000000000000000317698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:20.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f922f64ddc2ac9b62021-12-17 12:31:20.557root 11241100x8000000000000000317699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:20.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeac8865fe5790f52021-12-17 12:31:20.557root 11241100x8000000000000000317700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:20.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c8202eefe8da87d2021-12-17 12:31:20.558root 11241100x8000000000000000317701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:20.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00e54f1cfc13ff412021-12-17 12:31:20.558root 154100x8000000000000000317702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:20.603{ec28ba6a-8318-61bc-6814-cab605560000}9586/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec28ba6a-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2255--- 534500x8000000000000000317703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:20.617{ec28ba6a-8318-61bc-6814-cab605560000}9586/bin/psroot 11241100x8000000000000000317704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:21.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cafad00c18c6a4c52021-12-17 12:31:21.057root 11241100x8000000000000000317705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:21.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef0ff940f0001a3d2021-12-17 12:31:21.057root 11241100x8000000000000000317706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:21.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56e7facd06761f142021-12-17 12:31:21.057root 11241100x8000000000000000317707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:21.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4117356d613de6792021-12-17 12:31:21.057root 11241100x8000000000000000317708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:21.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22f16701c0240f042021-12-17 12:31:21.057root 11241100x8000000000000000317709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:21.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a41cf96213b1e5722021-12-17 12:31:21.057root 11241100x8000000000000000317710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:21.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c6b68c57a13b7eb2021-12-17 12:31:21.057root 11241100x8000000000000000317711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:21.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0be195015d69e6aa2021-12-17 12:31:21.057root 11241100x8000000000000000317712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:21.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9962309e4c9806c2021-12-17 12:31:21.058root 11241100x8000000000000000317713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:21.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b045b22748ba1eb72021-12-17 12:31:21.058root 11241100x8000000000000000317714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:21.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c53c41b858ffdab92021-12-17 12:31:21.058root 11241100x8000000000000000317715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:21.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7939f8366d5627ad2021-12-17 12:31:21.058root 11241100x8000000000000000317716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:21.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c586955d210944b2021-12-17 12:31:21.058root 11241100x8000000000000000317717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:21.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16e3d3367b0676ab2021-12-17 12:31:21.058root 11241100x8000000000000000317718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:21.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b0863cb2e4a5ae02021-12-17 12:31:21.058root 11241100x8000000000000000317719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:21.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04e4ef9a3b1ac7a72021-12-17 12:31:21.058root 11241100x8000000000000000317720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:21.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6837a6be2f1dd0922021-12-17 12:31:21.058root 11241100x8000000000000000317721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:21.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c7d6a3c4d1fd0762021-12-17 12:31:21.557root 11241100x8000000000000000317722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:21.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8de8b0e117472b432021-12-17 12:31:21.557root 11241100x8000000000000000317723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:21.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.180a7fa18e4f929b2021-12-17 12:31:21.557root 11241100x8000000000000000317724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:21.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5afae5d105cd22cd2021-12-17 12:31:21.557root 11241100x8000000000000000317725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:21.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0b933a2976d5c672021-12-17 12:31:21.557root 11241100x8000000000000000317726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:21.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ab25bb762145b3d2021-12-17 12:31:21.557root 11241100x8000000000000000317727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:21.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.691b832272d708ad2021-12-17 12:31:21.558root 11241100x8000000000000000317728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:21.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df077b8a8963ab042021-12-17 12:31:21.558root 11241100x8000000000000000317729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:21.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef3c2a464a8241222021-12-17 12:31:21.558root 11241100x8000000000000000317730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:21.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e839131e2dc96a72021-12-17 12:31:21.558root 11241100x8000000000000000317731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:21.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5f623ab65b7b1af2021-12-17 12:31:21.558root 11241100x8000000000000000317732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:21.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19f8f6dd7d21ab6c2021-12-17 12:31:21.558root 11241100x8000000000000000317733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:21.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c58c32e6cf36be02021-12-17 12:31:21.558root 11241100x8000000000000000317734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:21.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfdc45cc5d211def2021-12-17 12:31:21.558root 11241100x8000000000000000317735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:21.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.358aa0653a25e4412021-12-17 12:31:21.558root 11241100x8000000000000000317736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:21.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3261f34d46eb5a662021-12-17 12:31:21.558root 11241100x8000000000000000317737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:21.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b5f170587a0f4582021-12-17 12:31:21.558root 11241100x8000000000000000317738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:22.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a7328541e819bed2021-12-17 12:31:22.057root 11241100x8000000000000000317739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:22.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af1ec30c178419972021-12-17 12:31:22.057root 11241100x8000000000000000317740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:22.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.901905e73fa3ab302021-12-17 12:31:22.057root 11241100x8000000000000000317741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:22.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.689245b2a1f07f2c2021-12-17 12:31:22.057root 11241100x8000000000000000317742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:22.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.352ef24c9642b9c12021-12-17 12:31:22.057root 11241100x8000000000000000317743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:22.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61caf5c3db369af72021-12-17 12:31:22.057root 11241100x8000000000000000317744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:22.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d995d710bea70bd32021-12-17 12:31:22.057root 11241100x8000000000000000317745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:22.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dffca6eb4a957042021-12-17 12:31:22.057root 11241100x8000000000000000317746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:22.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f78a311dcd496fe2021-12-17 12:31:22.057root 11241100x8000000000000000317747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:22.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2749723abe866cb2021-12-17 12:31:22.058root 11241100x8000000000000000317748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:22.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72764ad277e745322021-12-17 12:31:22.058root 11241100x8000000000000000317749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:22.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d386798b8619b4c2021-12-17 12:31:22.058root 11241100x8000000000000000317750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:22.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11b5896be3fd56582021-12-17 12:31:22.058root 11241100x8000000000000000317751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:22.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42251048775fe0b22021-12-17 12:31:22.058root 11241100x8000000000000000317752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:22.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a478418456bf43b32021-12-17 12:31:22.058root 11241100x8000000000000000317753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:22.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.466a549de7600d2a2021-12-17 12:31:22.058root 11241100x8000000000000000317754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:22.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.546a64fc1a34caf82021-12-17 12:31:22.058root 11241100x8000000000000000317755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:22.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b5e0cd394203d622021-12-17 12:31:22.557root 11241100x8000000000000000317756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:22.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d8434014a285fb62021-12-17 12:31:22.557root 11241100x8000000000000000317757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:22.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a6db42031a726cc2021-12-17 12:31:22.557root 11241100x8000000000000000317758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:22.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3142fea129c56e592021-12-17 12:31:22.557root 11241100x8000000000000000317759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:22.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee9118be25825ece2021-12-17 12:31:22.557root 11241100x8000000000000000317760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:22.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cc4824968a22ff22021-12-17 12:31:22.557root 11241100x8000000000000000317761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:22.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3ce02751bb1d74e2021-12-17 12:31:22.557root 11241100x8000000000000000317762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:22.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54184048300d7a902021-12-17 12:31:22.557root 11241100x8000000000000000317763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:22.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4870de434b29fb62021-12-17 12:31:22.557root 11241100x8000000000000000317764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:22.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e95969eea88f2f42021-12-17 12:31:22.557root 11241100x8000000000000000317765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:22.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b56a3214859e68f82021-12-17 12:31:22.557root 11241100x8000000000000000317766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:22.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40054e1e8cfc4c602021-12-17 12:31:22.558root 11241100x8000000000000000317767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:22.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17ba3d5b914f366e2021-12-17 12:31:22.558root 11241100x8000000000000000317768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:22.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4a64a1d6179a8932021-12-17 12:31:22.558root 11241100x8000000000000000317769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:22.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7be68c7980adec8d2021-12-17 12:31:22.558root 11241100x8000000000000000317770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:22.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60cf1f7e22f5d7d92021-12-17 12:31:22.558root 11241100x8000000000000000317771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:22.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66b3b222f02e30722021-12-17 12:31:22.558root 11241100x8000000000000000317772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:23.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c620e7c5764b2d02021-12-17 12:31:23.057root 11241100x8000000000000000317773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:23.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a86db5111eb098f2021-12-17 12:31:23.057root 11241100x8000000000000000317774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:23.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8074f55f5de2c8442021-12-17 12:31:23.057root 11241100x8000000000000000317775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:23.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce1627fd58d9e4692021-12-17 12:31:23.057root 11241100x8000000000000000317776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:23.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.426cc07b8cb49c3a2021-12-17 12:31:23.057root 11241100x8000000000000000317777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:23.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d551ce4001cf55b2021-12-17 12:31:23.057root 11241100x8000000000000000317778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:23.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb554255357dccb52021-12-17 12:31:23.057root 11241100x8000000000000000317779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:23.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4578728189419aed2021-12-17 12:31:23.057root 11241100x8000000000000000317780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:23.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c3fc47f21b8eb042021-12-17 12:31:23.057root 11241100x8000000000000000317781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:23.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39374eb76ce326ab2021-12-17 12:31:23.057root 11241100x8000000000000000317782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:23.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da61ac8eeff613df2021-12-17 12:31:23.058root 11241100x8000000000000000317783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:23.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81159d2fd9494d612021-12-17 12:31:23.058root 11241100x8000000000000000317784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:23.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.032a5d902a2c0b1c2021-12-17 12:31:23.058root 11241100x8000000000000000317785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:23.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d1e06c9f0b3b93f2021-12-17 12:31:23.058root 11241100x8000000000000000317786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:23.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92b83f1852287e712021-12-17 12:31:23.058root 11241100x8000000000000000317787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:23.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e34a3adccfd868e72021-12-17 12:31:23.058root 11241100x8000000000000000317788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:23.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fba3f4871f7699482021-12-17 12:31:23.058root 11241100x8000000000000000317789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:23.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5a4299113c547682021-12-17 12:31:23.557root 11241100x8000000000000000317790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:23.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.750bb2fdef0b26a42021-12-17 12:31:23.557root 11241100x8000000000000000317791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:23.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5850d17509d376972021-12-17 12:31:23.557root 11241100x8000000000000000317792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:23.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf996b4b5dfe82af2021-12-17 12:31:23.557root 11241100x8000000000000000317793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:23.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce6ff7de639f96d52021-12-17 12:31:23.557root 11241100x8000000000000000317794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:23.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.592ab837c9ce69312021-12-17 12:31:23.557root 11241100x8000000000000000317795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:23.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.244da127eb2943652021-12-17 12:31:23.557root 11241100x8000000000000000317796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:23.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fb569807f23e4742021-12-17 12:31:23.557root 11241100x8000000000000000317797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:23.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.195025ca894f239e2021-12-17 12:31:23.557root 11241100x8000000000000000317798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:23.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.517dbf21f61f1bab2021-12-17 12:31:23.557root 11241100x8000000000000000317799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:23.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.152193d94e53b6c12021-12-17 12:31:23.557root 11241100x8000000000000000317800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:23.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf2072759109a4c62021-12-17 12:31:23.558root 11241100x8000000000000000317801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:23.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7969352a467b38502021-12-17 12:31:23.558root 11241100x8000000000000000317802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:23.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2000d026444f251e2021-12-17 12:31:23.558root 11241100x8000000000000000317803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:23.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9727646f4aa5aac42021-12-17 12:31:23.558root 11241100x8000000000000000317804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:23.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d84641f1806d1bd2021-12-17 12:31:23.558root 11241100x8000000000000000317805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:23.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55bf5c4f68fefc052021-12-17 12:31:23.558root 11241100x8000000000000000317806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:24.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9df941cbb98c1bd62021-12-17 12:31:24.057root 11241100x8000000000000000317807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:24.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0efbaffb58fd0dc62021-12-17 12:31:24.057root 11241100x8000000000000000317808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:24.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.246e5ac1ee4d52e52021-12-17 12:31:24.057root 11241100x8000000000000000317809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:24.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2dc2efe6daf8db92021-12-17 12:31:24.057root 11241100x8000000000000000317810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:24.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fd726f211a1cc282021-12-17 12:31:24.057root 11241100x8000000000000000317811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:24.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab8f5ee58801d3272021-12-17 12:31:24.057root 11241100x8000000000000000317812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:24.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15d10e1055b022902021-12-17 12:31:24.057root 11241100x8000000000000000317813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:24.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72cc55e6a64b763f2021-12-17 12:31:24.057root 11241100x8000000000000000317814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:24.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c2a364bcda1b0392021-12-17 12:31:24.057root 11241100x8000000000000000317815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:24.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25d0dbd5d025d1b42021-12-17 12:31:24.057root 11241100x8000000000000000317816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:24.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cd0c1d2c6cbaad12021-12-17 12:31:24.058root 11241100x8000000000000000317817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:24.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef4e58b51d0698282021-12-17 12:31:24.058root 11241100x8000000000000000317818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:24.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e064062efc3186e2021-12-17 12:31:24.058root 11241100x8000000000000000317819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:24.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c95c261ae4ab639f2021-12-17 12:31:24.058root 11241100x8000000000000000317820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:24.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33ed017ad7779cbf2021-12-17 12:31:24.058root 11241100x8000000000000000317821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:24.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0225960dde333222021-12-17 12:31:24.058root 11241100x8000000000000000317822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:24.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18cee519d9899e722021-12-17 12:31:24.058root 354300x8000000000000000317823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:24.064{ec28ba6a-70a3-61bc-5175-3a0400000000}5248/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-44506-false10.0.1.12-8000- 11241100x8000000000000000317824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:24.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ff8ad50168b12062021-12-17 12:31:24.557root 11241100x8000000000000000317825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:24.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a47e7cd52440ba82021-12-17 12:31:24.557root 11241100x8000000000000000317826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:24.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cc65234a015d3b02021-12-17 12:31:24.557root 11241100x8000000000000000317827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:24.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e83227a30f6a96ca2021-12-17 12:31:24.557root 11241100x8000000000000000317828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:24.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab3a3e06cbab79842021-12-17 12:31:24.557root 11241100x8000000000000000317829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:24.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96679aa0091aec252021-12-17 12:31:24.557root 11241100x8000000000000000317830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:24.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5263ec0f4e72bfd62021-12-17 12:31:24.557root 11241100x8000000000000000317831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:24.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27733e8ae9960ea42021-12-17 12:31:24.557root 11241100x8000000000000000317832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:24.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8ce583144c1cc342021-12-17 12:31:24.557root 11241100x8000000000000000317833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:24.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2198ca217a5debd2021-12-17 12:31:24.558root 11241100x8000000000000000317834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:24.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e169794a7f7a5942021-12-17 12:31:24.558root 11241100x8000000000000000317835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:24.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5e66852bcb56a862021-12-17 12:31:24.558root 11241100x8000000000000000317836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:24.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7894b5ca848b30d12021-12-17 12:31:24.558root 11241100x8000000000000000317837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:24.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e639d9a914e8fa692021-12-17 12:31:24.558root 11241100x8000000000000000317838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:24.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de8cda07b89116912021-12-17 12:31:24.558root 11241100x8000000000000000317839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:24.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a41ff502341ee4902021-12-17 12:31:24.558root 11241100x8000000000000000317840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:24.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b76a62418d2b2f272021-12-17 12:31:24.558root 11241100x8000000000000000317841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:24.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f83a5a1741e7eef92021-12-17 12:31:24.558root 11241100x8000000000000000317842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:25.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ef9f29c1592b18b2021-12-17 12:31:25.057root 11241100x8000000000000000317843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:25.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3022dd71af81ede2021-12-17 12:31:25.057root 11241100x8000000000000000317844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:25.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b21ded3ad585a9252021-12-17 12:31:25.057root 11241100x8000000000000000317845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:25.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41f03e86b1ca54dc2021-12-17 12:31:25.057root 11241100x8000000000000000317846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:25.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1443d4a50170fca92021-12-17 12:31:25.057root 11241100x8000000000000000317847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:25.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.936d5b6f864c3cc62021-12-17 12:31:25.057root 11241100x8000000000000000317848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:25.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcc79dba642725102021-12-17 12:31:25.057root 11241100x8000000000000000317849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:25.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a48e4eff6c415d152021-12-17 12:31:25.057root 11241100x8000000000000000317850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:25.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d9a3c166095873b2021-12-17 12:31:25.057root 11241100x8000000000000000317851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:25.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.547b469a134a34052021-12-17 12:31:25.057root 11241100x8000000000000000317852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:25.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.172e2664fd288d562021-12-17 12:31:25.058root 11241100x8000000000000000317853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:25.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bf972159062c9ff2021-12-17 12:31:25.058root 11241100x8000000000000000317854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:25.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fc06bffd97acb632021-12-17 12:31:25.058root 11241100x8000000000000000317855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:25.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53daac47faca194e2021-12-17 12:31:25.058root 11241100x8000000000000000317856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:25.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00a2405f06f3097e2021-12-17 12:31:25.058root 11241100x8000000000000000317857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:25.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f85c2c0d06acbcbb2021-12-17 12:31:25.058root 11241100x8000000000000000317858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:25.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d024dee9ce998f042021-12-17 12:31:25.058root 11241100x8000000000000000317859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:25.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93510e0c1ce896c82021-12-17 12:31:25.058root 11241100x8000000000000000317860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:25.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88705c8b1abb743e2021-12-17 12:31:25.557root 11241100x8000000000000000317861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:25.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3550b349bdd96b12021-12-17 12:31:25.557root 11241100x8000000000000000317862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:25.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b48bc567ac39dc242021-12-17 12:31:25.557root 11241100x8000000000000000317863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:25.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.481cd60a638758d92021-12-17 12:31:25.557root 11241100x8000000000000000317864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:25.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d8477d88e24c5612021-12-17 12:31:25.557root 11241100x8000000000000000317865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:25.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3e290e4d5bfc4132021-12-17 12:31:25.557root 11241100x8000000000000000317866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:25.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6a3a03f2729f5722021-12-17 12:31:25.557root 11241100x8000000000000000317867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:25.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.382bacd0af600db92021-12-17 12:31:25.557root 11241100x8000000000000000317868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:25.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec36de44da6a13f02021-12-17 12:31:25.557root 11241100x8000000000000000317869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:25.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05b21032c836a2e12021-12-17 12:31:25.557root 11241100x8000000000000000317870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:25.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f08315e9dbdd0632021-12-17 12:31:25.557root 11241100x8000000000000000317871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:25.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2796507ff59a99132021-12-17 12:31:25.558root 11241100x8000000000000000317872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:25.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d35657d8ce4e68612021-12-17 12:31:25.558root 11241100x8000000000000000317873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:25.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ca7b0e60db6636a2021-12-17 12:31:25.558root 11241100x8000000000000000317874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:25.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bf32fc1968d2d692021-12-17 12:31:25.558root 11241100x8000000000000000317875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:25.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7aae2038a2ead2a2021-12-17 12:31:25.558root 11241100x8000000000000000317876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:25.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a33e671542d45e662021-12-17 12:31:25.558root 11241100x8000000000000000317877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:25.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.221b29b5b6cbb18b2021-12-17 12:31:25.558root 11241100x8000000000000000317878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:26.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b1f1edfa626eab12021-12-17 12:31:26.057root 11241100x8000000000000000317879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:26.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30f9a9f831442c1b2021-12-17 12:31:26.057root 11241100x8000000000000000317880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:26.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7d8efd56d0ac1992021-12-17 12:31:26.057root 11241100x8000000000000000317881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:26.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faec9011157626992021-12-17 12:31:26.057root 11241100x8000000000000000317882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:26.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94f44a3798e93c692021-12-17 12:31:26.057root 11241100x8000000000000000317883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:26.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71d42393ebbd07ed2021-12-17 12:31:26.057root 11241100x8000000000000000317884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:26.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.443fa5efcfde7b6e2021-12-17 12:31:26.057root 11241100x8000000000000000317885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:26.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6df0eba86388a2842021-12-17 12:31:26.057root 11241100x8000000000000000317886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:26.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2031e5cf3f2344b92021-12-17 12:31:26.057root 11241100x8000000000000000317887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:26.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a091251fb25a40ee2021-12-17 12:31:26.057root 11241100x8000000000000000317888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:26.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38987a6ffb6079242021-12-17 12:31:26.058root 11241100x8000000000000000317889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:26.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39c87b973c0a8d202021-12-17 12:31:26.058root 11241100x8000000000000000317890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:26.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bd0c5f465b06eb32021-12-17 12:31:26.058root 11241100x8000000000000000317891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:26.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4caee9cb3f716832021-12-17 12:31:26.058root 11241100x8000000000000000317892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:26.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6077706adc5a46e22021-12-17 12:31:26.058root 11241100x8000000000000000317893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:26.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14ff2d5937caa9992021-12-17 12:31:26.058root 11241100x8000000000000000317894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:26.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66e32e37e2d816922021-12-17 12:31:26.058root 11241100x8000000000000000317895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:26.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d317e15a35a1b8b52021-12-17 12:31:26.058root 11241100x8000000000000000317896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:26.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d660590b5160b4c62021-12-17 12:31:26.557root 11241100x8000000000000000317897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:26.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d398941e8f9558c12021-12-17 12:31:26.557root 11241100x8000000000000000317898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:26.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91efbe67f6b8494a2021-12-17 12:31:26.557root 11241100x8000000000000000317899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:26.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58820f2653e8d6692021-12-17 12:31:26.557root 11241100x8000000000000000317900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:26.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56ff6036bca4c2a12021-12-17 12:31:26.557root 11241100x8000000000000000317901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:26.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d603381a5bebfa32021-12-17 12:31:26.557root 11241100x8000000000000000317902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:26.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45f5d4564bb8fc072021-12-17 12:31:26.557root 11241100x8000000000000000317903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:26.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c200fb2e65147c0c2021-12-17 12:31:26.557root 11241100x8000000000000000317904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:26.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1de53befe65aa6752021-12-17 12:31:26.557root 11241100x8000000000000000317905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:26.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bc7a8171879ec602021-12-17 12:31:26.557root 11241100x8000000000000000317906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:26.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6028ec6464a11b042021-12-17 12:31:26.558root 11241100x8000000000000000317907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:26.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cbf4352887194d32021-12-17 12:31:26.558root 11241100x8000000000000000317908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:26.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.778fa8b81dc772962021-12-17 12:31:26.558root 11241100x8000000000000000317909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:26.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0af37891928e36782021-12-17 12:31:26.558root 11241100x8000000000000000317910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:26.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ccc4f6e556f673e2021-12-17 12:31:26.558root 11241100x8000000000000000317911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:26.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb3ce7cba6f11c932021-12-17 12:31:26.558root 11241100x8000000000000000317912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:26.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca9327e367ebd68c2021-12-17 12:31:26.558root 11241100x8000000000000000317913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:26.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1ec9b6ae63218e62021-12-17 12:31:26.558root 11241100x8000000000000000317914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:27.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ce14dab57103d592021-12-17 12:31:27.057root 11241100x8000000000000000317915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:27.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.166bd27d570f40e12021-12-17 12:31:27.057root 11241100x8000000000000000317916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:27.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54792e9c7c8cced52021-12-17 12:31:27.057root 11241100x8000000000000000317917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:27.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d2156b2e5b7375a2021-12-17 12:31:27.057root 11241100x8000000000000000317918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:27.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cd12bad610b58752021-12-17 12:31:27.057root 11241100x8000000000000000317919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:27.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.938a1304658151232021-12-17 12:31:27.057root 11241100x8000000000000000317920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:27.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7e5ac241b4aa4942021-12-17 12:31:27.057root 11241100x8000000000000000317921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:27.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6270fd0518d2e7c42021-12-17 12:31:27.057root 11241100x8000000000000000317922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:27.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34997d9f0801df242021-12-17 12:31:27.057root 11241100x8000000000000000317923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:27.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b62218fdd5c708f2021-12-17 12:31:27.057root 11241100x8000000000000000317924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:27.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a0b4677a92c51e82021-12-17 12:31:27.058root 11241100x8000000000000000317925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:27.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97a8c7462b7ddf842021-12-17 12:31:27.058root 11241100x8000000000000000317926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:27.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f45a46df2fa8a2e82021-12-17 12:31:27.058root 11241100x8000000000000000317927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:27.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6b3a02834990c0a2021-12-17 12:31:27.058root 11241100x8000000000000000317928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:27.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8d99324d265ea4b2021-12-17 12:31:27.058root 11241100x8000000000000000317929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:27.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55261194ed24ada62021-12-17 12:31:27.058root 11241100x8000000000000000317930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:27.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.623157b65d4909482021-12-17 12:31:27.058root 11241100x8000000000000000317931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:27.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a894e7939798de22021-12-17 12:31:27.058root 11241100x8000000000000000317932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:27.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b8dcf321af61b4a2021-12-17 12:31:27.557root 11241100x8000000000000000317933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:27.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e124420904b1db872021-12-17 12:31:27.557root 11241100x8000000000000000317934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:27.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa7dc26152be28132021-12-17 12:31:27.557root 11241100x8000000000000000317935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:27.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07bb0287aef7070d2021-12-17 12:31:27.557root 11241100x8000000000000000317936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:27.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8087fd3ceb5030c2021-12-17 12:31:27.557root 11241100x8000000000000000317937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:27.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e7c5ad19621c82d2021-12-17 12:31:27.557root 11241100x8000000000000000317938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:27.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2163752a70763352021-12-17 12:31:27.557root 11241100x8000000000000000317939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:27.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83095b8ba20788bf2021-12-17 12:31:27.557root 11241100x8000000000000000317940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:27.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3c921f9466201b42021-12-17 12:31:27.557root 11241100x8000000000000000317941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:27.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.617493ce626cfb3b2021-12-17 12:31:27.557root 11241100x8000000000000000317942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:27.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e02e24b5895a25c2021-12-17 12:31:27.558root 11241100x8000000000000000317943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:27.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c10eee1adcaeea722021-12-17 12:31:27.558root 11241100x8000000000000000317944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:27.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6735c8565bf9cabc2021-12-17 12:31:27.558root 11241100x8000000000000000317945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:27.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f308c73744c477a92021-12-17 12:31:27.558root 11241100x8000000000000000317946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:27.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.065c69dedf464f812021-12-17 12:31:27.558root 11241100x8000000000000000317947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:27.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.314e9626aaa3fff62021-12-17 12:31:27.558root 11241100x8000000000000000317948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:27.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c3c5fbf56be54b62021-12-17 12:31:27.558root 11241100x8000000000000000317949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:27.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86b2b1d052706bbc2021-12-17 12:31:27.558root 11241100x8000000000000000317950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:28.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.368efb55f65adada2021-12-17 12:31:28.057root 11241100x8000000000000000317951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:28.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f917e6b7d4dbb962021-12-17 12:31:28.057root 11241100x8000000000000000317952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:28.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a06a8bb9273ac5d2021-12-17 12:31:28.057root 11241100x8000000000000000317953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:28.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1d0b4a3224399b22021-12-17 12:31:28.057root 11241100x8000000000000000317954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:28.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d89c5649bc1ac3292021-12-17 12:31:28.057root 11241100x8000000000000000317955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:28.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.352b52e080aa43a12021-12-17 12:31:28.057root 11241100x8000000000000000317956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:28.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cabb6472557c4cf62021-12-17 12:31:28.057root 11241100x8000000000000000317957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216