11241100x8000000000000000316911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:49.056{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8a7b7c7d677afae2021-12-17 12:30:49.056root 11241100x8000000000000000316912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:49.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58b2159a7e843ff62021-12-17 12:30:49.057root 11241100x8000000000000000316913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:49.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4efd455fa16db882021-12-17 12:30:49.057root 11241100x8000000000000000316914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:49.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b42fe717a1182c52021-12-17 12:30:49.057root 11241100x8000000000000000316915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:49.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dd59ffbf834a8b52021-12-17 12:30:49.057root 11241100x8000000000000000316916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:49.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37a855f80928c74a2021-12-17 12:30:49.057root 11241100x8000000000000000316917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:49.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2dbaad770a656832021-12-17 12:30:49.057root 11241100x8000000000000000316918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:49.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a74f1f3e86e55a022021-12-17 12:30:49.058root 11241100x8000000000000000316919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:49.556{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.406d4cdd8270cf4b2021-12-17 12:30:49.556root 11241100x8000000000000000316920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:49.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3175a7c742761872021-12-17 12:30:49.557root 11241100x8000000000000000316921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:49.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2655a0403ed1d012021-12-17 12:30:49.557root 11241100x8000000000000000316922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:49.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca5b99610726a4122021-12-17 12:30:49.557root 11241100x8000000000000000316923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:49.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81bef9df569b634f2021-12-17 12:30:49.557root 11241100x8000000000000000316924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:49.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cc0ba3114df4eb12021-12-17 12:30:49.557root 11241100x8000000000000000316925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:49.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6192477eda7ef3812021-12-17 12:30:49.557root 11241100x8000000000000000316926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:49.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.863fd9a7fd8b8e092021-12-17 12:30:49.558root 11241100x8000000000000000316927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:50.056{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89672515e30ed1652021-12-17 12:30:50.056root 11241100x8000000000000000316928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:50.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53679bdaa17922c92021-12-17 12:30:50.057root 11241100x8000000000000000316929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:50.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b00b6ab44d1a52a02021-12-17 12:30:50.057root 11241100x8000000000000000316930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:50.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dfe4fde1727617c2021-12-17 12:30:50.057root 11241100x8000000000000000316931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:50.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df53d011859bc0e62021-12-17 12:30:50.057root 11241100x8000000000000000316932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:50.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2695254a7c8fdb182021-12-17 12:30:50.057root 11241100x8000000000000000316933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:50.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d164ad82be3629ea2021-12-17 12:30:50.057root 11241100x8000000000000000316934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:50.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f24270df99f77a72021-12-17 12:30:50.058root 11241100x8000000000000000316935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:50.556{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de8747cabeb7140c2021-12-17 12:30:50.556root 11241100x8000000000000000316936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:50.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7bd00fe457f8d032021-12-17 12:30:50.557root 11241100x8000000000000000316937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:50.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09d1b940a6097b0b2021-12-17 12:30:50.557root 11241100x8000000000000000316938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:50.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dacdbd0f155c3ca82021-12-17 12:30:50.557root 11241100x8000000000000000316939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:50.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.580ecf0ba24d04ce2021-12-17 12:30:50.557root 11241100x8000000000000000316940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:50.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3691e27ed65320f2021-12-17 12:30:50.557root 11241100x8000000000000000316941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:50.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f471b768efb1e7c2021-12-17 12:30:50.557root 11241100x8000000000000000316942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:50.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e55082da02fcfac62021-12-17 12:30:50.558root 11241100x8000000000000000316943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:51.056{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.513c7e63a62c249c2021-12-17 12:30:51.056root 11241100x8000000000000000316944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:51.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce5de5e604d237472021-12-17 12:30:51.057root 11241100x8000000000000000316945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:51.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff71715f694cb4bd2021-12-17 12:30:51.057root 11241100x8000000000000000316946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:51.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35252c383eec57072021-12-17 12:30:51.057root 11241100x8000000000000000316947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:51.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c38490ebf23ce21f2021-12-17 12:30:51.057root 11241100x8000000000000000316948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:51.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d55913e4c4cfb8612021-12-17 12:30:51.057root 11241100x8000000000000000316949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:51.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffb165127d72a77c2021-12-17 12:30:51.058root 11241100x8000000000000000316950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:51.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceb0c57b0663fa212021-12-17 12:30:51.058root 354300x8000000000000000316951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:51.125{ec28ba6a-70a3-61bc-5175-3a0400000000}5248/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-44494-false10.0.1.12-8000- 11241100x8000000000000000316952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:51.556{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd4707a821df4abd2021-12-17 12:30:51.556root 11241100x8000000000000000316953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:51.556{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e556c7c6364f64bb2021-12-17 12:30:51.556root 11241100x8000000000000000316954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:51.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7c364d848bf53922021-12-17 12:30:51.557root 11241100x8000000000000000316955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:51.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.866ae8f573f175a12021-12-17 12:30:51.557root 11241100x8000000000000000316956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:51.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc873887c369bdfa2021-12-17 12:30:51.557root 11241100x8000000000000000316957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:51.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85ebcb012e4eae852021-12-17 12:30:51.557root 11241100x8000000000000000316958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:51.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0949e9beea9873a52021-12-17 12:30:51.557root 11241100x8000000000000000316959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:51.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c487b12192451efe2021-12-17 12:30:51.557root 11241100x8000000000000000316960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:51.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a817e237587c776e2021-12-17 12:30:51.557root 11241100x8000000000000000316961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:52.056{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d8d67a54b2f532b2021-12-17 12:30:52.056root 11241100x8000000000000000316962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:52.056{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fca84edaad33b2ed2021-12-17 12:30:52.056root 11241100x8000000000000000316963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:52.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d278c8db47e4bb2a2021-12-17 12:30:52.057root 11241100x8000000000000000316964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:52.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fb07feda06ce0332021-12-17 12:30:52.057root 11241100x8000000000000000316965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:52.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18db685d91283dce2021-12-17 12:30:52.057root 11241100x8000000000000000316966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:52.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0565513b3b21c91c2021-12-17 12:30:52.057root 11241100x8000000000000000316967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:52.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5f30e0b4098cf192021-12-17 12:30:52.057root 11241100x8000000000000000316968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:52.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85b7be56ef8255582021-12-17 12:30:52.057root 11241100x8000000000000000316969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:52.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34d682c462f4a23a2021-12-17 12:30:52.057root 11241100x8000000000000000316970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:52.556{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82b20dbf2c6a4bdf2021-12-17 12:30:52.556root 11241100x8000000000000000316971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:52.556{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9a61c2529f1f18e2021-12-17 12:30:52.556root 11241100x8000000000000000316972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:52.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4587e236aba9af892021-12-17 12:30:52.557root 11241100x8000000000000000316973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:52.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9af3a38639ec07b62021-12-17 12:30:52.557root 11241100x8000000000000000316974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:52.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3681c02ad1c865eb2021-12-17 12:30:52.557root 11241100x8000000000000000316975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:52.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.306b3ebb0a275a152021-12-17 12:30:52.557root 11241100x8000000000000000316976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:52.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bff8523deba6a0f02021-12-17 12:30:52.557root 11241100x8000000000000000316977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:52.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6db42bfcd5993d7b2021-12-17 12:30:52.557root 11241100x8000000000000000316978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:52.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5afcf9a9f9ca88f2021-12-17 12:30:52.557root 11241100x8000000000000000316979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:53.056{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d764c5293fb030a2021-12-17 12:30:53.056root 11241100x8000000000000000316980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:53.056{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1f7b1e9ee47c6202021-12-17 12:30:53.056root 11241100x8000000000000000316981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:53.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efa9589baa7c63672021-12-17 12:30:53.057root 11241100x8000000000000000316982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:53.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b5e3120083f51172021-12-17 12:30:53.057root 11241100x8000000000000000316983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:53.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83354dde1542bbb02021-12-17 12:30:53.057root 11241100x8000000000000000316984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:53.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fffe8cd3ee96ecc2021-12-17 12:30:53.057root 11241100x8000000000000000316985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:53.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49e097933377cb4f2021-12-17 12:30:53.057root 11241100x8000000000000000316986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:53.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a56f09d2d5507fc42021-12-17 12:30:53.057root 11241100x8000000000000000316987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:53.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daa231df064429a02021-12-17 12:30:53.057root 11241100x8000000000000000316988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:53.556{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cb5fcaf53c999902021-12-17 12:30:53.556root 11241100x8000000000000000316989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:53.556{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c193cc3ac8e6e1192021-12-17 12:30:53.556root 11241100x8000000000000000316990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:53.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee61c491c720b6522021-12-17 12:30:53.557root 11241100x8000000000000000316991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:53.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6283b1e0b2f85642021-12-17 12:30:53.557root 11241100x8000000000000000316992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:53.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aea10f566f30da12021-12-17 12:30:53.557root 11241100x8000000000000000316993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:53.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a3bd3a42a0a52362021-12-17 12:30:53.557root 11241100x8000000000000000316994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:53.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93ad95c0dcbcd7ec2021-12-17 12:30:53.557root 11241100x8000000000000000316995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:53.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a24cca04f26fb552021-12-17 12:30:53.557root 11241100x8000000000000000316996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:53.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4367a16d7a64813d2021-12-17 12:30:53.557root 11241100x8000000000000000316997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:54.056{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ff6ecfc0e70c4f22021-12-17 12:30:54.056root 11241100x8000000000000000316998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:54.056{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ff1b02eaf46d9292021-12-17 12:30:54.056root 11241100x8000000000000000316999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:54.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e86947e880535e02021-12-17 12:30:54.057root 11241100x8000000000000000317000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:54.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d45f6cad02f268082021-12-17 12:30:54.057root 11241100x8000000000000000317001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:54.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caa401ca38b5e7e92021-12-17 12:30:54.057root 11241100x8000000000000000317002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:54.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8110b33a303283b12021-12-17 12:30:54.057root 11241100x8000000000000000317003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:54.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9bd8f1df61db6352021-12-17 12:30:54.057root 11241100x8000000000000000317004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:54.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.758b0233399221362021-12-17 12:30:54.057root 11241100x8000000000000000317005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:54.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecb9e0e6ee60fec72021-12-17 12:30:54.057root 11241100x8000000000000000317006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:54.556{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ae4c89fd7c147762021-12-17 12:30:54.556root 11241100x8000000000000000317007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:54.556{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6214a3399122dbb2021-12-17 12:30:54.556root 11241100x8000000000000000317008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:54.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8c9aea2c035fcc22021-12-17 12:30:54.557root 11241100x8000000000000000317009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:54.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f629f7552174bea2021-12-17 12:30:54.557root 11241100x8000000000000000317010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:54.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c30acd7be2b83c5a2021-12-17 12:30:54.557root 11241100x8000000000000000317011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:54.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de9779db1501b0f62021-12-17 12:30:54.557root 11241100x8000000000000000317012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:54.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9e37ed0407c2bd42021-12-17 12:30:54.557root 11241100x8000000000000000317013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:54.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7763311ce38d06302021-12-17 12:30:54.557root 11241100x8000000000000000317014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:54.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7430f546908e46e2021-12-17 12:30:54.557root 11241100x8000000000000000317015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:55.056{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ced5804cf6946ce82021-12-17 12:30:55.056root 11241100x8000000000000000317016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:55.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad14ebfd8c7b40612021-12-17 12:30:55.057root 11241100x8000000000000000317017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:55.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eb8883ba68fa6062021-12-17 12:30:55.057root 11241100x8000000000000000317018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:55.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dbf95da1795a7ae2021-12-17 12:30:55.057root 11241100x8000000000000000317019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:55.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abf053ede69d5e532021-12-17 12:30:55.057root 11241100x8000000000000000317020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:55.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d760b78f19bda4e22021-12-17 12:30:55.057root 11241100x8000000000000000317021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:55.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14632730e66b67dc2021-12-17 12:30:55.057root 11241100x8000000000000000317022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:55.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a275aca2e72486432021-12-17 12:30:55.057root 11241100x8000000000000000317023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:55.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9a931fdc9fc23db2021-12-17 12:30:55.057root 11241100x8000000000000000317024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:55.556{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.698e5776680ed6652021-12-17 12:30:55.556root 11241100x8000000000000000317025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:55.556{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeed07a01248b4df2021-12-17 12:30:55.556root 11241100x8000000000000000317026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:55.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db2ff1c875900e542021-12-17 12:30:55.557root 11241100x8000000000000000317027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:55.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32e68ef24394acd72021-12-17 12:30:55.557root 11241100x8000000000000000317028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:55.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f42c7e68bf455472021-12-17 12:30:55.557root 11241100x8000000000000000317029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:55.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cbcb58c81950d752021-12-17 12:30:55.557root 11241100x8000000000000000317030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:55.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0528e12a98d010f2021-12-17 12:30:55.557root 11241100x8000000000000000317031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:55.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d037bdedc35edbf72021-12-17 12:30:55.557root 11241100x8000000000000000317032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:55.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e96c5ae511a73312021-12-17 12:30:55.557root 11241100x8000000000000000317033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:56.056{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1df4fbc596274a6b2021-12-17 12:30:56.056root 11241100x8000000000000000317034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:56.056{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ac25e8d6521a3eb2021-12-17 12:30:56.056root 11241100x8000000000000000317035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:56.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42176a3e13af6d8a2021-12-17 12:30:56.057root 11241100x8000000000000000317036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:56.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b20fb97a88fae1b22021-12-17 12:30:56.057root 11241100x8000000000000000317037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:56.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edf5b603da41400b2021-12-17 12:30:56.057root 11241100x8000000000000000317038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:56.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10e0c3002b93ab542021-12-17 12:30:56.057root 11241100x8000000000000000317039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:56.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcafb516917f5c892021-12-17 12:30:56.057root 11241100x8000000000000000317040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:56.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01dd6be1768ba2552021-12-17 12:30:56.057root 11241100x8000000000000000317041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:56.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7802f04041e0b7402021-12-17 12:30:56.057root 354300x8000000000000000317042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:56.211{ec28ba6a-70a3-61bc-5175-3a0400000000}5248/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-44496-false10.0.1.12-8000- 11241100x8000000000000000317043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:56.556{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fd4a0c6e09e8db82021-12-17 12:30:56.556root 11241100x8000000000000000317044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:56.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.148d634713a1e65d2021-12-17 12:30:56.557root 11241100x8000000000000000317045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:56.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9982dcf92eab6f02021-12-17 12:30:56.557root 11241100x8000000000000000317046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:56.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.571ed8f8b3b8202f2021-12-17 12:30:56.557root 11241100x8000000000000000317047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:56.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21196877145bce222021-12-17 12:30:56.557root 11241100x8000000000000000317048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:56.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69f7cb6676535ccc2021-12-17 12:30:56.558root 11241100x8000000000000000317049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:56.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7063b4c800b31bea2021-12-17 12:30:56.558root 11241100x8000000000000000317050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:56.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27fa384bb91379b82021-12-17 12:30:56.558root 11241100x8000000000000000317051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:56.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31b3a5805e5eea792021-12-17 12:30:56.558root 11241100x8000000000000000317052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:56.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9d220d794cb5ee62021-12-17 12:30:56.558root 11241100x8000000000000000317053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:57.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed85bdf6ce65c9a12021-12-17 12:30:57.057root 11241100x8000000000000000317054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:57.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e53cbdab02a2b22e2021-12-17 12:30:57.057root 11241100x8000000000000000317055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:57.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3af2642ff38bbe042021-12-17 12:30:57.058root 11241100x8000000000000000317056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:57.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e74eb23712b2c512021-12-17 12:30:57.058root 11241100x8000000000000000317057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:57.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.826c08c807b0c38c2021-12-17 12:30:57.058root 11241100x8000000000000000317058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:57.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b476e5fbd2f3caa72021-12-17 12:30:57.058root 11241100x8000000000000000317059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:57.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13bac578e07ab2ab2021-12-17 12:30:57.058root 11241100x8000000000000000317060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:57.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.775d884b335706f42021-12-17 12:30:57.058root 11241100x8000000000000000317061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:57.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87cf84b2173775112021-12-17 12:30:57.059root 11241100x8000000000000000317062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:57.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bc55e591810d6142021-12-17 12:30:57.059root 11241100x8000000000000000317063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:57.556{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd352519fe4b1a612021-12-17 12:30:57.556root 11241100x8000000000000000317064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:57.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36d43d7fe2b843362021-12-17 12:30:57.557root 11241100x8000000000000000317065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:57.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.846fdad7182fcc932021-12-17 12:30:57.557root 11241100x8000000000000000317066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:57.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04c52f7c8709c8a32021-12-17 12:30:57.557root 11241100x8000000000000000317067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:57.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.994133f8aef4d71b2021-12-17 12:30:57.557root 11241100x8000000000000000317068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:57.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1ffde7d4a0acc642021-12-17 12:30:57.557root 11241100x8000000000000000317069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:57.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d2ffeb88fa652b22021-12-17 12:30:57.557root 11241100x8000000000000000317070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:57.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.485252582fff6cb82021-12-17 12:30:57.557root 11241100x8000000000000000317071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:57.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bedca6b51bff6612021-12-17 12:30:57.558root 11241100x8000000000000000317072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:57.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ed12c1960b795682021-12-17 12:30:57.558root 11241100x8000000000000000317073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:58.056{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcb9805e8b8064f62021-12-17 12:30:58.056root 11241100x8000000000000000317074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:58.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88ca6be5e55d31592021-12-17 12:30:58.057root 11241100x8000000000000000317075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:58.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5b36e86bb968d722021-12-17 12:30:58.057root 11241100x8000000000000000317076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:58.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b41faad1f7f950c72021-12-17 12:30:58.057root 11241100x8000000000000000317077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:58.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb3ff910a68747212021-12-17 12:30:58.057root 11241100x8000000000000000317078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:58.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f47d89775431aa62021-12-17 12:30:58.057root 11241100x8000000000000000317079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:58.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d94174483ed894f42021-12-17 12:30:58.057root 11241100x8000000000000000317080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:58.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f71b41247ed9ae612021-12-17 12:30:58.057root 11241100x8000000000000000317081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:58.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67d00d238e0b00fd2021-12-17 12:30:58.057root 11241100x8000000000000000317082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:58.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.981552eb91abdebf2021-12-17 12:30:58.057root 11241100x8000000000000000317083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:58.556{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ffcc488904a84e22021-12-17 12:30:58.556root 11241100x8000000000000000317084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:58.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15b42c1fa84ce4ff2021-12-17 12:30:58.557root 11241100x8000000000000000317085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:58.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c2f6700827a33d42021-12-17 12:30:58.557root 11241100x8000000000000000317086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:58.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27486dd58296d8502021-12-17 12:30:58.557root 11241100x8000000000000000317087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:58.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0303c6cac6348d402021-12-17 12:30:58.557root 11241100x8000000000000000317088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:58.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc4de82343b5165c2021-12-17 12:30:58.557root 11241100x8000000000000000317089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:58.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b432f6fca95f18172021-12-17 12:30:58.557root 11241100x8000000000000000317090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:58.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7195368ea384e132021-12-17 12:30:58.557root 11241100x8000000000000000317091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:58.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36d281106f023e2b2021-12-17 12:30:58.557root 11241100x8000000000000000317092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:58.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b048889534ecf022021-12-17 12:30:58.557root 11241100x8000000000000000317093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:59.056{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.714cc369289a6b722021-12-17 12:30:59.056root 11241100x8000000000000000317094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:59.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28c40239976554d42021-12-17 12:30:59.057root 11241100x8000000000000000317095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:59.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c29427a56d8f69202021-12-17 12:30:59.057root 11241100x8000000000000000317096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:59.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7abe6af265c6b3e72021-12-17 12:30:59.057root 11241100x8000000000000000317097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:59.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4de293c2d4ebaec32021-12-17 12:30:59.057root 11241100x8000000000000000317098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:59.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d058d60954ea0092021-12-17 12:30:59.057root 11241100x8000000000000000317099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:59.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47d0f040cc55742a2021-12-17 12:30:59.057root 11241100x8000000000000000317100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:59.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce5e720e22ae89082021-12-17 12:30:59.057root 11241100x8000000000000000317101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:59.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a237ea1f52fccf0c2021-12-17 12:30:59.057root 11241100x8000000000000000317102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:59.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2717c51b7b95e8b2021-12-17 12:30:59.057root 11241100x8000000000000000317103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:59.556{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f8b48b9b8e155162021-12-17 12:30:59.556root 11241100x8000000000000000317104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:59.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d08301418c2e55bd2021-12-17 12:30:59.557root 11241100x8000000000000000317105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:59.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddb6003343892a652021-12-17 12:30:59.557root 11241100x8000000000000000317106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:59.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f7e3d453d67bf902021-12-17 12:30:59.557root 11241100x8000000000000000317107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:59.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.791f16ab136728fd2021-12-17 12:30:59.557root 11241100x8000000000000000317108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:59.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4135f6535dd429532021-12-17 12:30:59.557root 11241100x8000000000000000317109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:59.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59b0853e222c70182021-12-17 12:30:59.557root 11241100x8000000000000000317110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:59.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e854e9c42384c96f2021-12-17 12:30:59.557root 11241100x8000000000000000317111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:59.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.538849a5c44914df2021-12-17 12:30:59.557root 11241100x8000000000000000317112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:30:59.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d85956df0f6b7072021-12-17 12:30:59.558root 11241100x8000000000000000317113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:00.056{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceef28fad72c14c12021-12-17 12:31:00.056root 11241100x8000000000000000317114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:00.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f064eff9110cda72021-12-17 12:31:00.057root 11241100x8000000000000000317115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:00.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2084aca46eab035c2021-12-17 12:31:00.057root 11241100x8000000000000000317116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:00.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cdcfc890255ec6b2021-12-17 12:31:00.057root 11241100x8000000000000000317117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:00.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06ef52e56d89bd082021-12-17 12:31:00.057root 11241100x8000000000000000317118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:00.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27c17b5445b417d72021-12-17 12:31:00.057root 11241100x8000000000000000317119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:00.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39b485105fcd13bd2021-12-17 12:31:00.057root 11241100x8000000000000000317120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:00.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb5ed7db0b28b0682021-12-17 12:31:00.057root 11241100x8000000000000000317121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:00.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a84d1428dc108072021-12-17 12:31:00.057root 11241100x8000000000000000317122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:00.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c93562021a8a38fe2021-12-17 12:31:00.058root 11241100x8000000000000000317123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:00.167{ec28ba6a-709b-61bc-30d8-78dfe0550000}5175/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-17 12:31:00.167root 11241100x8000000000000000317124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:00.556{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.974aebafede609c42021-12-17 12:31:00.556root 11241100x8000000000000000317125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:00.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a94796f18b1268ed2021-12-17 12:31:00.557root 11241100x8000000000000000317126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:00.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c06817fe3fc651822021-12-17 12:31:00.557root 11241100x8000000000000000317127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:00.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9141149cabf7ee072021-12-17 12:31:00.557root 11241100x8000000000000000317128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:00.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46437aead2c785892021-12-17 12:31:00.557root 11241100x8000000000000000317129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:00.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8881470817850712021-12-17 12:31:00.557root 11241100x8000000000000000317130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:00.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a322ad84743b0332021-12-17 12:31:00.558root 11241100x8000000000000000317131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:00.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54d3936b5ad384e02021-12-17 12:31:00.558root 11241100x8000000000000000317132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:00.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6571f4d7a1ba53982021-12-17 12:31:00.558root 11241100x8000000000000000317133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:00.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27198e888e94b45c2021-12-17 12:31:00.558root 11241100x8000000000000000317134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:00.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.274ca9d2ace3be172021-12-17 12:31:00.558root 11241100x8000000000000000317135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:01.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.404d5b4ef63f69ec2021-12-17 12:31:01.057root 11241100x8000000000000000317136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:01.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbc31e466549fb312021-12-17 12:31:01.057root 11241100x8000000000000000317137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:01.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebc974c451d5ad432021-12-17 12:31:01.057root 11241100x8000000000000000317138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:01.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c824ac94881826842021-12-17 12:31:01.057root 11241100x8000000000000000317139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:01.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.debb7fa75720e4f32021-12-17 12:31:01.057root 11241100x8000000000000000317140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:01.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c90b168ec47a41b52021-12-17 12:31:01.058root 11241100x8000000000000000317141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:01.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f48eb44117ce40c2021-12-17 12:31:01.058root 11241100x8000000000000000317142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:01.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.120d1bb339775a7f2021-12-17 12:31:01.058root 11241100x8000000000000000317143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:01.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b1f6730a08f651d2021-12-17 12:31:01.058root 11241100x8000000000000000317144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:01.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72d210c8207a9c502021-12-17 12:31:01.058root 11241100x8000000000000000317145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:01.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.802603b168b832b12021-12-17 12:31:01.058root 11241100x8000000000000000317146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:01.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b5fa8b7013ff88c2021-12-17 12:31:01.560root 11241100x8000000000000000317147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:01.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fadc5ee9ca47dcb2021-12-17 12:31:01.561root 11241100x8000000000000000317148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:01.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c079a8e53db33d482021-12-17 12:31:01.561root 11241100x8000000000000000317149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:01.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a44854060a55a542021-12-17 12:31:01.561root 11241100x8000000000000000317150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:01.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d03980ad025d4be82021-12-17 12:31:01.562root 11241100x8000000000000000317151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:01.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bbef1d4131beb9c2021-12-17 12:31:01.562root 11241100x8000000000000000317152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:01.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37e1a9b6eb74655b2021-12-17 12:31:01.562root 11241100x8000000000000000317153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:01.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07bb7154163edae82021-12-17 12:31:01.562root 11241100x8000000000000000317154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:01.563{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87a333c2ed5ed4fb2021-12-17 12:31:01.563root 11241100x8000000000000000317155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:01.563{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac18d91d2ad524e02021-12-17 12:31:01.563root 11241100x8000000000000000317156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:01.563{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54d79dec58f3bed02021-12-17 12:31:01.563root 354300x8000000000000000317157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:02.050{ec28ba6a-70a3-61bc-5175-3a0400000000}5248/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-44498-false10.0.1.12-8000- 11241100x8000000000000000317158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:02.050{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcd39bc00804d8ac2021-12-17 12:31:02.050root 11241100x8000000000000000317159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:02.051{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce2db326cec2d1bf2021-12-17 12:31:02.051root 11241100x8000000000000000317160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:02.051{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f811bfc4d0ff7cf2021-12-17 12:31:02.051root 11241100x8000000000000000317161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:02.051{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20b60d6d68ef3a2b2021-12-17 12:31:02.051root 11241100x8000000000000000317162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:02.051{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f209b0ca0c00fc682021-12-17 12:31:02.051root 11241100x8000000000000000317163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:02.051{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80c5ee469e42d74d2021-12-17 12:31:02.051root 11241100x8000000000000000317164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:02.051{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8576c6e50962e7a2021-12-17 12:31:02.051root 11241100x8000000000000000317165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:02.051{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.951bb415d06245572021-12-17 12:31:02.051root 11241100x8000000000000000317166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:02.051{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b129bd92f11ed3592021-12-17 12:31:02.051root 11241100x8000000000000000317167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:02.051{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.500005013d6c749b2021-12-17 12:31:02.051root 11241100x8000000000000000317168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:02.051{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.480da456453b22702021-12-17 12:31:02.051root 11241100x8000000000000000317169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:02.051{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad6d1cb481743e5d2021-12-17 12:31:02.051root 11241100x8000000000000000317170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:02.306{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddbc9828e14493fb2021-12-17 12:31:02.306root 11241100x8000000000000000317171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:02.307{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e7c650c6ed403a72021-12-17 12:31:02.307root 11241100x8000000000000000317172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:02.307{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3806ade7035bc6c22021-12-17 12:31:02.307root 11241100x8000000000000000317173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:02.307{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caae70e3b61ee6822021-12-17 12:31:02.307root 11241100x8000000000000000317174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:02.307{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e3616f056b9cbc42021-12-17 12:31:02.307root 11241100x8000000000000000317175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:02.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9130ea686d91f9112021-12-17 12:31:02.308root 11241100x8000000000000000317176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:02.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76b15de0b96adc702021-12-17 12:31:02.308root 11241100x8000000000000000317177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:02.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dbd6717941926042021-12-17 12:31:02.308root 11241100x8000000000000000317178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:02.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cdb01500f2544172021-12-17 12:31:02.308root 11241100x8000000000000000317179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:02.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46d9265c940456602021-12-17 12:31:02.308root 11241100x8000000000000000317180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:02.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a314f52da95acf42021-12-17 12:31:02.308root 11241100x8000000000000000317181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:02.309{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a9dadd2c1acad262021-12-17 12:31:02.309root 11241100x8000000000000000317182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:02.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.500877230cef85112021-12-17 12:31:02.807root 11241100x8000000000000000317183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:02.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92b23dccc1ca38952021-12-17 12:31:02.807root 11241100x8000000000000000317184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:02.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec6561b491fafb7d2021-12-17 12:31:02.807root 11241100x8000000000000000317185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:02.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4acfe3f2247f9e82021-12-17 12:31:02.807root 11241100x8000000000000000317186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:02.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52ab4a2371a8feeb2021-12-17 12:31:02.807root 11241100x8000000000000000317187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:02.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9832b647e37221c2021-12-17 12:31:02.807root 11241100x8000000000000000317188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:02.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5e85661211797902021-12-17 12:31:02.807root 11241100x8000000000000000317189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:02.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8724eca109fabdf2021-12-17 12:31:02.807root 11241100x8000000000000000317190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:02.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45b0633aaa8af4d22021-12-17 12:31:02.807root 11241100x8000000000000000317191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:02.808{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e7060165157753b2021-12-17 12:31:02.808root 11241100x8000000000000000317192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:02.808{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba7c7124f3d3e2b82021-12-17 12:31:02.808root 11241100x8000000000000000317193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:02.808{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.323d1e7c0ae73c042021-12-17 12:31:02.808root 23542300x8000000000000000317194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:03.169{ec28ba6a-709b-61bc-30d8-78dfe0550000}5175root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000317195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:03.170{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df87017bfe0cb7012021-12-17 12:31:03.170root 11241100x8000000000000000317196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:03.170{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5357e0b6b1791332021-12-17 12:31:03.170root 11241100x8000000000000000317197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:03.170{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.575e1822f183245d2021-12-17 12:31:03.170root 11241100x8000000000000000317198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:03.170{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6f6f848601b45842021-12-17 12:31:03.170root 11241100x8000000000000000317199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:03.171{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.617c999fef5b4fe32021-12-17 12:31:03.171root 11241100x8000000000000000317200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:03.171{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38773d78aa1858402021-12-17 12:31:03.171root 11241100x8000000000000000317201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:03.171{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf5f41c761d3c2752021-12-17 12:31:03.171root 11241100x8000000000000000317202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:03.171{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c7c53cb04f44c152021-12-17 12:31:03.171root 11241100x8000000000000000317203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:03.172{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13b86c700dbce41e2021-12-17 12:31:03.172root 11241100x8000000000000000317204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:03.172{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d476f4fc03ac5ef2021-12-17 12:31:03.172root 11241100x8000000000000000317205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:03.172{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.345497a70c84106b2021-12-17 12:31:03.172root 11241100x8000000000000000317206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:03.172{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9cd1bd8eb8934532021-12-17 12:31:03.172root 11241100x8000000000000000317207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:03.172{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a09adb429947baeb2021-12-17 12:31:03.172root 11241100x8000000000000000317208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:03.172{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42a6b4766b2311e52021-12-17 12:31:03.172root 11241100x8000000000000000317209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:03.172{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebc3d49e54210cf22021-12-17 12:31:03.172root 11241100x8000000000000000317210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:03.172{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.608b9e1431fe72e22021-12-17 12:31:03.172root 11241100x8000000000000000317211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:03.172{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1491c4ec2e42a1e2021-12-17 12:31:03.172root 11241100x8000000000000000317212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:03.172{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cea6c29dcb7b795a2021-12-17 12:31:03.172root 11241100x8000000000000000317213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:03.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6091ff7df7a2cfe72021-12-17 12:31:03.557root 11241100x8000000000000000317214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:03.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c901017c0734abd12021-12-17 12:31:03.557root 11241100x8000000000000000317215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:03.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.188e9b1e948ea0942021-12-17 12:31:03.557root 11241100x8000000000000000317216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:03.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6488d9efd4ce3ad42021-12-17 12:31:03.557root 11241100x8000000000000000317217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:03.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6291c4cac49558ee2021-12-17 12:31:03.557root 11241100x8000000000000000317218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:03.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84a57776014093122021-12-17 12:31:03.557root 11241100x8000000000000000317219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:03.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90aeac7279fe37eb2021-12-17 12:31:03.557root 11241100x8000000000000000317220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:03.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25e71446f9418f352021-12-17 12:31:03.557root 11241100x8000000000000000317221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:03.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fb63018f605b50d2021-12-17 12:31:03.557root 11241100x8000000000000000317222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:03.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6040deef3b5ec5c2021-12-17 12:31:03.558root 11241100x8000000000000000317223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:03.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50ab948ff945ff032021-12-17 12:31:03.558root 11241100x8000000000000000317224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:03.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c80521bdb222b13b2021-12-17 12:31:03.558root 11241100x8000000000000000317225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:03.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4855e54322051dc92021-12-17 12:31:03.558root 11241100x8000000000000000317226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:04.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d5c62f1dd30f25e2021-12-17 12:31:04.057root 11241100x8000000000000000317227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:04.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2ca2d2d5b38c5ed2021-12-17 12:31:04.057root 11241100x8000000000000000317228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:04.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8726f8c12abdc3b42021-12-17 12:31:04.057root 11241100x8000000000000000317229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:04.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.303c452c71ae2cb22021-12-17 12:31:04.057root 11241100x8000000000000000317230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:04.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a9d6056c31b3cf02021-12-17 12:31:04.057root 11241100x8000000000000000317231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:04.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fa512cab3a733db2021-12-17 12:31:04.057root 11241100x8000000000000000317232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:04.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38ca611ed62d35132021-12-17 12:31:04.057root 11241100x8000000000000000317233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:04.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e313a582e3c58fa2021-12-17 12:31:04.058root 11241100x8000000000000000317234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:04.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be744b44a6fc65b82021-12-17 12:31:04.058root 11241100x8000000000000000317235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:04.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47252ce620c4547a2021-12-17 12:31:04.058root 11241100x8000000000000000317236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:04.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b2290fdce34271e2021-12-17 12:31:04.058root 11241100x8000000000000000317237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:04.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d823e1b7ba2c77d22021-12-17 12:31:04.058root 11241100x8000000000000000317238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:04.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c54c62814de3950d2021-12-17 12:31:04.058root 11241100x8000000000000000317239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:04.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d497f4a27df96ce32021-12-17 12:31:04.557root 11241100x8000000000000000317240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:04.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.051a896c3bea28ff2021-12-17 12:31:04.557root 11241100x8000000000000000317241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:04.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a4888269980e9572021-12-17 12:31:04.557root 11241100x8000000000000000317242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:04.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.698c1cdf29c7be8a2021-12-17 12:31:04.557root 11241100x8000000000000000317243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:04.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcad5bd7a95b9ea82021-12-17 12:31:04.557root 11241100x8000000000000000317244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:04.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f08820e4bb593e92021-12-17 12:31:04.557root 11241100x8000000000000000317245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:04.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4925de3edc7bd75d2021-12-17 12:31:04.557root 11241100x8000000000000000317246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:04.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3330c62dca4c43e42021-12-17 12:31:04.557root 11241100x8000000000000000317247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:04.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7783a1c8b9667a842021-12-17 12:31:04.557root 11241100x8000000000000000317248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:04.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.973dd9e95e2eebbe2021-12-17 12:31:04.557root 11241100x8000000000000000317249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:04.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de62c40860bd7c582021-12-17 12:31:04.557root 11241100x8000000000000000317250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:04.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a7508fdd33798fa2021-12-17 12:31:04.558root 11241100x8000000000000000317251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:04.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1c4b82e42ae69952021-12-17 12:31:04.558root 11241100x8000000000000000317252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:05.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98a50077739eff202021-12-17 12:31:05.057root 11241100x8000000000000000317253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:05.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7740c7989c6b82e2021-12-17 12:31:05.057root 11241100x8000000000000000317254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:05.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f7422033a1871c72021-12-17 12:31:05.057root 11241100x8000000000000000317255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:05.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd48a4a0fb73ad762021-12-17 12:31:05.057root 11241100x8000000000000000317256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:05.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5bd0215950cb68c2021-12-17 12:31:05.057root 11241100x8000000000000000317257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:05.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccd9f510605a0d132021-12-17 12:31:05.058root 11241100x8000000000000000317258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:05.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed689cee3fdbda8f2021-12-17 12:31:05.058root 11241100x8000000000000000317259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:05.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59f4a321b3e4fbc72021-12-17 12:31:05.058root 11241100x8000000000000000317260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:05.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfa60a796e9b2a232021-12-17 12:31:05.058root 11241100x8000000000000000317261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:05.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78e3f3b15a15adb72021-12-17 12:31:05.058root 11241100x8000000000000000317262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:05.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c1a2b06dd0a4e232021-12-17 12:31:05.058root 11241100x8000000000000000317263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:05.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2adedc50cb70dec2021-12-17 12:31:05.058root 11241100x8000000000000000317264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:05.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.585c1359e1b655482021-12-17 12:31:05.058root 11241100x8000000000000000317265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:05.556{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b98b37bcf67021822021-12-17 12:31:05.556root 11241100x8000000000000000317266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:05.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d161422cdff54ef2021-12-17 12:31:05.557root 11241100x8000000000000000317267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:05.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfa2276527a02e852021-12-17 12:31:05.557root 11241100x8000000000000000317268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:05.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.556e7b706a030c6b2021-12-17 12:31:05.557root 11241100x8000000000000000317269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:05.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa5a11d1345fc3b62021-12-17 12:31:05.557root 11241100x8000000000000000317270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:05.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66e4a11a36f0f9ce2021-12-17 12:31:05.557root 11241100x8000000000000000317271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:05.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0137de6971da3e092021-12-17 12:31:05.557root 11241100x8000000000000000317272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:05.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.614957e5271c34ec2021-12-17 12:31:05.557root 11241100x8000000000000000317273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:05.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94fd447565582e242021-12-17 12:31:05.557root 11241100x8000000000000000317274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:05.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5be7963aa5918ab02021-12-17 12:31:05.557root 11241100x8000000000000000317275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:05.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dc97deff03c7cdf2021-12-17 12:31:05.558root 11241100x8000000000000000317276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:05.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.342ef19cb33f26c92021-12-17 12:31:05.558root 11241100x8000000000000000317277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:05.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b03065966334dc62021-12-17 12:31:05.558root 11241100x8000000000000000317278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:06.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c75bf58f33c8e79d2021-12-17 12:31:06.057root 11241100x8000000000000000317279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:06.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb86c1ee5577c20f2021-12-17 12:31:06.057root 11241100x8000000000000000317280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:06.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.333e508077a0b4c12021-12-17 12:31:06.057root 11241100x8000000000000000317281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:06.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.263006c3f97168522021-12-17 12:31:06.057root 11241100x8000000000000000317282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:06.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b93d278ada00e582021-12-17 12:31:06.057root 11241100x8000000000000000317283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:06.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8088e71b8d155e052021-12-17 12:31:06.057root 11241100x8000000000000000317284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:06.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.683451b8487921632021-12-17 12:31:06.057root 11241100x8000000000000000317285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:06.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8d1967242349f372021-12-17 12:31:06.057root 11241100x8000000000000000317286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:06.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0e75f58c38b2c482021-12-17 12:31:06.057root 11241100x8000000000000000317287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:06.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e05b9c0da97108b82021-12-17 12:31:06.057root 11241100x8000000000000000317288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:06.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5bdd118da25c1082021-12-17 12:31:06.058root 11241100x8000000000000000317289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:06.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7c2565ee3f2eac62021-12-17 12:31:06.058root 11241100x8000000000000000317290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:06.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50792436cb660fb62021-12-17 12:31:06.058root 11241100x8000000000000000317291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:06.556{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef104dda8cf866a22021-12-17 12:31:06.556root 11241100x8000000000000000317292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:06.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e9058f5900ac89d2021-12-17 12:31:06.557root 11241100x8000000000000000317293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:06.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87a4b943ca8f04e62021-12-17 12:31:06.557root 11241100x8000000000000000317294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:06.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3dc829a3327dbab2021-12-17 12:31:06.557root 11241100x8000000000000000317295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:06.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b48d4db69b33a3a2021-12-17 12:31:06.557root 11241100x8000000000000000317296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:06.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ba5578700c2fcf32021-12-17 12:31:06.557root 11241100x8000000000000000317297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:06.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5833c18de72fb2052021-12-17 12:31:06.558root 11241100x8000000000000000317298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:06.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ff320c653b9e66e2021-12-17 12:31:06.558root 11241100x8000000000000000317299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:06.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.574fa821a3a6a6272021-12-17 12:31:06.558root 11241100x8000000000000000317300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:06.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ff721b363a5f2ca2021-12-17 12:31:06.558root 11241100x8000000000000000317301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:06.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81a9e07bf3cb048b2021-12-17 12:31:06.558root 11241100x8000000000000000317302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:06.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc7be911ee5da7542021-12-17 12:31:06.558root 11241100x8000000000000000317303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:06.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad4cea60d23c57792021-12-17 12:31:06.558root 11241100x8000000000000000317304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:07.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.008a601dc0fc93582021-12-17 12:31:07.057root 11241100x8000000000000000317305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:07.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17fb5f502e65e32e2021-12-17 12:31:07.057root 11241100x8000000000000000317306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:07.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf0ebd58ef4bebce2021-12-17 12:31:07.057root 11241100x8000000000000000317307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:07.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3601a2444ac7f0952021-12-17 12:31:07.057root 11241100x8000000000000000317308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:07.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30ff8cd672561e612021-12-17 12:31:07.057root 11241100x8000000000000000317309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:07.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.611ba6cd8d5865ac2021-12-17 12:31:07.057root 11241100x8000000000000000317310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:07.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19e16cfbc9fd532e2021-12-17 12:31:07.057root 11241100x8000000000000000317311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:07.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15175951233741802021-12-17 12:31:07.057root 11241100x8000000000000000317312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:07.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff8931e621ecbe5c2021-12-17 12:31:07.057root 11241100x8000000000000000317313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:07.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9104a35b5348c6a2021-12-17 12:31:07.058root 11241100x8000000000000000317314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:07.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.219a8edd1f860b2e2021-12-17 12:31:07.058root 11241100x8000000000000000317315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:07.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.894d0b9c463bec0b2021-12-17 12:31:07.058root 11241100x8000000000000000317316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:07.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.909539f9f738c75d2021-12-17 12:31:07.058root 354300x8000000000000000317317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:07.210{ec28ba6a-70a3-61bc-5175-3a0400000000}5248/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-44500-false10.0.1.12-8000- 11241100x8000000000000000317318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:07.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58181f18362bfb4c2021-12-17 12:31:07.557root 11241100x8000000000000000317319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:07.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc4613b0fd6a2cf92021-12-17 12:31:07.557root 11241100x8000000000000000317320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:07.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e95b6358e7adb1ee2021-12-17 12:31:07.557root 11241100x8000000000000000317321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:07.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4626dbef700467102021-12-17 12:31:07.557root 11241100x8000000000000000317322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:07.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25acd74dea4e39a52021-12-17 12:31:07.557root 11241100x8000000000000000317323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:07.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.022c058b109f757e2021-12-17 12:31:07.557root 11241100x8000000000000000317324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:07.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c9d6dcc930f786a2021-12-17 12:31:07.557root 11241100x8000000000000000317325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:07.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22d266ce1be1f2ae2021-12-17 12:31:07.557root 11241100x8000000000000000317326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:07.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2953e01a718cd30f2021-12-17 12:31:07.557root 11241100x8000000000000000317327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:07.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72a35661d992194c2021-12-17 12:31:07.557root 11241100x8000000000000000317328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:07.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52bf9a5cf82ec3602021-12-17 12:31:07.558root 11241100x8000000000000000317329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:07.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bcc9cd491032de42021-12-17 12:31:07.558root 11241100x8000000000000000317330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:07.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34edd1ef63c8fe822021-12-17 12:31:07.558root 11241100x8000000000000000317331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:07.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eee4081c12e49e32021-12-17 12:31:07.558root 11241100x8000000000000000317332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:08.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20745c1a9a0a86602021-12-17 12:31:08.057root 11241100x8000000000000000317333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:08.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e5bac2ced0443292021-12-17 12:31:08.057root 11241100x8000000000000000317334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:08.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f8c655d0a61a2902021-12-17 12:31:08.057root 11241100x8000000000000000317335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:08.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caae03501a50d1d02021-12-17 12:31:08.057root 11241100x8000000000000000317336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:08.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6de8c8194f5a59112021-12-17 12:31:08.057root 11241100x8000000000000000317337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:08.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d6dd775a97e91692021-12-17 12:31:08.057root 11241100x8000000000000000317338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:08.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dbe599f2dd9c3e92021-12-17 12:31:08.057root 11241100x8000000000000000317339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:08.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11c9b6729ebd4b032021-12-17 12:31:08.057root 11241100x8000000000000000317340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:08.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d9e62cbc5e7bf4b2021-12-17 12:31:08.057root 11241100x8000000000000000317341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:08.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c2b4952dde4a1492021-12-17 12:31:08.057root 11241100x8000000000000000317342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:08.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.383dfa80121b88792021-12-17 12:31:08.057root 11241100x8000000000000000317343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:08.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f268de12d4fc7cdf2021-12-17 12:31:08.057root 11241100x8000000000000000317344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:08.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e42b7d554e553512021-12-17 12:31:08.057root 11241100x8000000000000000317345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:08.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1c6fec2a3e5402a2021-12-17 12:31:08.057root 11241100x8000000000000000317346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:08.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5ea5a0c4b7366ef2021-12-17 12:31:08.557root 11241100x8000000000000000317347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:08.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ddf915e80a910bd2021-12-17 12:31:08.557root 11241100x8000000000000000317348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:08.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.081afb75293442c82021-12-17 12:31:08.557root 11241100x8000000000000000317349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:08.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2c23c39f94624432021-12-17 12:31:08.557root 11241100x8000000000000000317350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:08.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23d254ac94eb0c312021-12-17 12:31:08.557root 11241100x8000000000000000317351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:08.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed8716e69dbf92932021-12-17 12:31:08.557root 11241100x8000000000000000317352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:08.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b35714b0a0701d942021-12-17 12:31:08.557root 11241100x8000000000000000317353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:08.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59aacc83b78dc9392021-12-17 12:31:08.557root 11241100x8000000000000000317354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:08.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5629a39598afa1f42021-12-17 12:31:08.557root 11241100x8000000000000000317355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:08.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89392daa9be73b352021-12-17 12:31:08.557root 11241100x8000000000000000317356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:08.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8674739d407a0892021-12-17 12:31:08.557root 11241100x8000000000000000317357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:08.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a85345b8ed04d102021-12-17 12:31:08.557root 11241100x8000000000000000317358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:08.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.236ed6e254ffef9d2021-12-17 12:31:08.557root 11241100x8000000000000000317359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:08.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4b8ed5a902b34402021-12-17 12:31:08.557root 11241100x8000000000000000317360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:09.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd0b5c59c21430a12021-12-17 12:31:09.057root 11241100x8000000000000000317361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:09.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3690a33631b56fd2021-12-17 12:31:09.057root 11241100x8000000000000000317362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:09.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f2c4eb8075c2d522021-12-17 12:31:09.057root 11241100x8000000000000000317363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:09.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2604b53307f7e7be2021-12-17 12:31:09.057root 11241100x8000000000000000317364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:09.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfd5112ec56776fd2021-12-17 12:31:09.057root 11241100x8000000000000000317365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:09.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf5501e4cf07b9062021-12-17 12:31:09.057root 11241100x8000000000000000317366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:09.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d1cd145df53c35a2021-12-17 12:31:09.057root 11241100x8000000000000000317367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:09.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4a44bca3990b5fb2021-12-17 12:31:09.057root 11241100x8000000000000000317368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:09.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2852906831e3b9802021-12-17 12:31:09.057root 11241100x8000000000000000317369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:09.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27e6270daaf0ac612021-12-17 12:31:09.057root 11241100x8000000000000000317370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:09.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ece10f0940c78d702021-12-17 12:31:09.057root 11241100x8000000000000000317371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:09.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1625723ec6c6f83d2021-12-17 12:31:09.057root 11241100x8000000000000000317372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:09.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.975467ac69b3b5dd2021-12-17 12:31:09.058root 11241100x8000000000000000317373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:09.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.929d03698219a3b32021-12-17 12:31:09.058root 11241100x8000000000000000317374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:09.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b77b6acf19deda4b2021-12-17 12:31:09.557root 11241100x8000000000000000317375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:09.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e179c668b58ece9b2021-12-17 12:31:09.557root 11241100x8000000000000000317376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:09.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f135dd194f580422021-12-17 12:31:09.557root 11241100x8000000000000000317377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:09.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3085a16405432642021-12-17 12:31:09.557root 11241100x8000000000000000317378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:09.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b81137b13ecefbc32021-12-17 12:31:09.557root 11241100x8000000000000000317379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:09.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bed876a5935277192021-12-17 12:31:09.557root 11241100x8000000000000000317380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:09.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0d49a8907e53f3e2021-12-17 12:31:09.557root 11241100x8000000000000000317381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:09.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32d2f01031c3004f2021-12-17 12:31:09.557root 11241100x8000000000000000317382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:09.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c98305ae50604f32021-12-17 12:31:09.557root 11241100x8000000000000000317383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:09.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fbb3276b0f8cf522021-12-17 12:31:09.557root 11241100x8000000000000000317384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:09.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d33242a402e896a2021-12-17 12:31:09.557root 11241100x8000000000000000317385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:09.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e5c20f4fd66e28e2021-12-17 12:31:09.557root 11241100x8000000000000000317386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:09.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2e93247226679b82021-12-17 12:31:09.557root 11241100x8000000000000000317387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:09.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ab5e14301dc3c562021-12-17 12:31:09.557root 11241100x8000000000000000317388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:10.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f077dfa058955e5f2021-12-17 12:31:10.057root 11241100x8000000000000000317389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:10.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.450f60a1da4e3de12021-12-17 12:31:10.057root 11241100x8000000000000000317390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:10.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cd03d27a8e0baea2021-12-17 12:31:10.057root 11241100x8000000000000000317391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:10.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0dd8b2b1c8e3e6c2021-12-17 12:31:10.057root 11241100x8000000000000000317392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:10.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52421a7555dc58332021-12-17 12:31:10.057root 11241100x8000000000000000317393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:10.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f09b1d7cbf0ea34f2021-12-17 12:31:10.057root 11241100x8000000000000000317394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:10.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8536cd7b921b1ff32021-12-17 12:31:10.057root 11241100x8000000000000000317395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:10.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e6804f5615811772021-12-17 12:31:10.057root 11241100x8000000000000000317396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:10.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c2687235b113fae2021-12-17 12:31:10.057root 11241100x8000000000000000317397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:10.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.893096a3e8e8b9e52021-12-17 12:31:10.057root 11241100x8000000000000000317398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:10.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce272b1ed3c1959a2021-12-17 12:31:10.057root 11241100x8000000000000000317399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:10.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b51b91fa6ae1c1ef2021-12-17 12:31:10.057root 11241100x8000000000000000317400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:10.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.495585f305eb09982021-12-17 12:31:10.058root 11241100x8000000000000000317401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:10.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9ddba9669e47e452021-12-17 12:31:10.058root 11241100x8000000000000000317402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:10.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ff875bd936686cf2021-12-17 12:31:10.557root 11241100x8000000000000000317403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:10.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc33bcc15ffff1742021-12-17 12:31:10.557root 11241100x8000000000000000317404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:10.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71e1d837218c3ce92021-12-17 12:31:10.557root 11241100x8000000000000000317405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:10.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a367cc06e2d64c232021-12-17 12:31:10.557root 11241100x8000000000000000317406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:10.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99483110b86106612021-12-17 12:31:10.557root 11241100x8000000000000000317407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:10.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.747f37cc4482d3972021-12-17 12:31:10.557root 11241100x8000000000000000317408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:10.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db4b7ec7e44f64292021-12-17 12:31:10.557root 11241100x8000000000000000317409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:10.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.685dc570892754a32021-12-17 12:31:10.557root 11241100x8000000000000000317410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:10.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d9f0bcc61c472252021-12-17 12:31:10.557root 11241100x8000000000000000317411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:10.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27ecf16e03243f022021-12-17 12:31:10.557root 11241100x8000000000000000317412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:10.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1941e43233282b7a2021-12-17 12:31:10.557root 11241100x8000000000000000317413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:10.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a35d59f149676b2d2021-12-17 12:31:10.557root 11241100x8000000000000000317414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:10.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b65e7f9da4bf42032021-12-17 12:31:10.558root 11241100x8000000000000000317415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:10.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.941b5d47f913d41c2021-12-17 12:31:10.558root 11241100x8000000000000000317416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:11.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d99fe517a0d969722021-12-17 12:31:11.057root 11241100x8000000000000000317417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:11.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c52f56c40e0c86b12021-12-17 12:31:11.057root 11241100x8000000000000000317418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:11.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb9cc7401bde17222021-12-17 12:31:11.057root 11241100x8000000000000000317419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:11.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca7b042275db570d2021-12-17 12:31:11.057root 11241100x8000000000000000317420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:11.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d1602ebff884e4b2021-12-17 12:31:11.057root 11241100x8000000000000000317421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:11.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92417d11adc6ba142021-12-17 12:31:11.057root 11241100x8000000000000000317422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:11.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6141c1d6b8449f12021-12-17 12:31:11.057root 11241100x8000000000000000317423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:11.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11430e016ae963eb2021-12-17 12:31:11.057root 11241100x8000000000000000317424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:11.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3085062f15c645a22021-12-17 12:31:11.057root 11241100x8000000000000000317425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:11.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93401a9c0ea372a62021-12-17 12:31:11.057root 11241100x8000000000000000317426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:11.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13c58eae871acfe92021-12-17 12:31:11.058root 11241100x8000000000000000317427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:11.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb4a72addad0662f2021-12-17 12:31:11.058root 11241100x8000000000000000317428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:11.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.231c84bc451e7a522021-12-17 12:31:11.058root 11241100x8000000000000000317429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:11.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.567f440564f5099f2021-12-17 12:31:11.058root 11241100x8000000000000000317430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:11.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d048365dbb5308802021-12-17 12:31:11.557root 11241100x8000000000000000317431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:11.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d1da93356b6a44f2021-12-17 12:31:11.557root 11241100x8000000000000000317432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:11.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dce990bebb15d95a2021-12-17 12:31:11.557root 11241100x8000000000000000317433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:11.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca7395bce7c486a02021-12-17 12:31:11.557root 11241100x8000000000000000317434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:11.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6dbac1f871d6fce2021-12-17 12:31:11.557root 11241100x8000000000000000317435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:11.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6edea853dad584152021-12-17 12:31:11.557root 11241100x8000000000000000317436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:11.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7046755de14c347e2021-12-17 12:31:11.557root 11241100x8000000000000000317437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:11.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03f85de1c321ebeb2021-12-17 12:31:11.558root 11241100x8000000000000000317438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:11.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6c5083991de620f2021-12-17 12:31:11.558root 11241100x8000000000000000317439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:11.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31e0971a615882072021-12-17 12:31:11.558root 11241100x8000000000000000317440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:11.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65a2d5f39bc777a72021-12-17 12:31:11.558root 11241100x8000000000000000317441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:11.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f777af057c2def4c2021-12-17 12:31:11.558root 11241100x8000000000000000317442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:11.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.515cfc4d71727f3e2021-12-17 12:31:11.558root 11241100x8000000000000000317443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:11.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.938473c4f4fea36d2021-12-17 12:31:11.558root 11241100x8000000000000000317444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:12.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94e751dfb5a791852021-12-17 12:31:12.057root 11241100x8000000000000000317445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:12.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8275cc74e9a660152021-12-17 12:31:12.057root 11241100x8000000000000000317446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:12.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c47c021810f93f552021-12-17 12:31:12.057root 11241100x8000000000000000317447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:12.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0b0ec9a05fb723d2021-12-17 12:31:12.057root 11241100x8000000000000000317448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:12.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.327c5f0795e51ab82021-12-17 12:31:12.057root 11241100x8000000000000000317449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:12.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82babe992d81d62a2021-12-17 12:31:12.057root 11241100x8000000000000000317450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:12.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7748d490c29f96da2021-12-17 12:31:12.057root 11241100x8000000000000000317451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:12.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7476d4fda2a59222021-12-17 12:31:12.057root 11241100x8000000000000000317452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:12.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e0d8e4f49403ae52021-12-17 12:31:12.057root 11241100x8000000000000000317453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:12.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05f3fe245d806c2a2021-12-17 12:31:12.057root 11241100x8000000000000000317454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:12.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e01421a5b18178152021-12-17 12:31:12.057root 11241100x8000000000000000317455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:12.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eb3b63ad44db1e42021-12-17 12:31:12.057root 11241100x8000000000000000317456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:12.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a443e5ef66406572021-12-17 12:31:12.058root 11241100x8000000000000000317457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:12.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42ad6fc287b21bc02021-12-17 12:31:12.058root 11241100x8000000000000000317458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:12.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa335dcadae5a7d32021-12-17 12:31:12.557root 11241100x8000000000000000317459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:12.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78bd2dfc9107f1e92021-12-17 12:31:12.557root 11241100x8000000000000000317460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:12.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b30ff534439397612021-12-17 12:31:12.557root 11241100x8000000000000000317461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:12.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.381a3ff9e79d1c552021-12-17 12:31:12.557root 11241100x8000000000000000317462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:12.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d47e1e14dae85a32021-12-17 12:31:12.557root 11241100x8000000000000000317463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:12.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f7b7908dd13231d2021-12-17 12:31:12.557root 11241100x8000000000000000317464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:12.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c733cf4a50a494122021-12-17 12:31:12.557root 11241100x8000000000000000317465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:12.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8550b632fcc65a502021-12-17 12:31:12.557root 11241100x8000000000000000317466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:12.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0fe380d3a71e3442021-12-17 12:31:12.557root 11241100x8000000000000000317467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:12.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19ac6cb8ee7e59292021-12-17 12:31:12.557root 11241100x8000000000000000317468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:12.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.093a4617cf72928d2021-12-17 12:31:12.557root 11241100x8000000000000000317469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:12.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba281de59043555c2021-12-17 12:31:12.557root 11241100x8000000000000000317470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:12.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e929ae4c3c09dfc92021-12-17 12:31:12.557root 11241100x8000000000000000317471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:12.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.720f3819e4a239b32021-12-17 12:31:12.558root 11241100x8000000000000000317472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:13.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e938f78992f0afb72021-12-17 12:31:13.057root 11241100x8000000000000000317473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:13.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59105fa18d2792eb2021-12-17 12:31:13.057root 11241100x8000000000000000317474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:13.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc123cafd412ed252021-12-17 12:31:13.057root 11241100x8000000000000000317475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:13.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d35ef3ca63c29b2f2021-12-17 12:31:13.057root 11241100x8000000000000000317476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:13.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2ea8f7bfd0ef86c2021-12-17 12:31:13.057root 11241100x8000000000000000317477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:13.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5545c4b5681ce8d62021-12-17 12:31:13.057root 11241100x8000000000000000317478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:13.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c6b41400e8323692021-12-17 12:31:13.057root 11241100x8000000000000000317479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:13.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b559bacf7e4f9252021-12-17 12:31:13.057root 11241100x8000000000000000317480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:13.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b04bdd4e3ce7737c2021-12-17 12:31:13.057root 11241100x8000000000000000317481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:13.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbb636c92740b43d2021-12-17 12:31:13.057root 11241100x8000000000000000317482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:13.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12cf5241b903983f2021-12-17 12:31:13.057root 11241100x8000000000000000317483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:13.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.558df47430aebade2021-12-17 12:31:13.058root 11241100x8000000000000000317484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:13.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.916c8222ffb2820b2021-12-17 12:31:13.058root 11241100x8000000000000000317485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:13.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93d1cb39882587272021-12-17 12:31:13.058root 11241100x8000000000000000317486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:13.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c2339df23ac1aac2021-12-17 12:31:13.557root 11241100x8000000000000000317487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:13.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a79fa5c66b9187452021-12-17 12:31:13.557root 11241100x8000000000000000317488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:13.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee9b48795af5f7ae2021-12-17 12:31:13.557root 11241100x8000000000000000317489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:13.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b585166534d470a2021-12-17 12:31:13.557root 11241100x8000000000000000317490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:13.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7787c7c0646853d2021-12-17 12:31:13.557root 11241100x8000000000000000317491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:13.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cba7f2c9cc29db692021-12-17 12:31:13.557root 11241100x8000000000000000317492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:13.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c883896a233c548c2021-12-17 12:31:13.557root 11241100x8000000000000000317493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:13.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57a83bf8d1bd35cd2021-12-17 12:31:13.557root 11241100x8000000000000000317494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:13.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98c73f5be93c63552021-12-17 12:31:13.557root 11241100x8000000000000000317495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:13.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5baccb75ea179a22021-12-17 12:31:13.557root 11241100x8000000000000000317496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:13.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73748705860fe0c52021-12-17 12:31:13.557root 11241100x8000000000000000317497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:13.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2090dda2d4246e8b2021-12-17 12:31:13.557root 11241100x8000000000000000317498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:13.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3b380f70c63caa42021-12-17 12:31:13.557root 11241100x8000000000000000317499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:13.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3f5c65e32440a062021-12-17 12:31:13.558root 11241100x8000000000000000317500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:14.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41d9466dfe20eed22021-12-17 12:31:14.057root 11241100x8000000000000000317501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:14.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.936136fd13837cc12021-12-17 12:31:14.057root 11241100x8000000000000000317502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:14.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6d2714d621b7ec82021-12-17 12:31:14.058root 11241100x8000000000000000317503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:14.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1c5de58cc715de92021-12-17 12:31:14.058root 11241100x8000000000000000317504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:14.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.151c32330b8c58de2021-12-17 12:31:14.059root 11241100x8000000000000000317505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:14.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1af5e031ea17b52e2021-12-17 12:31:14.059root 11241100x8000000000000000317506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:14.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83334c47238f6dc72021-12-17 12:31:14.059root 11241100x8000000000000000317507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:14.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39938a14628b3d0c2021-12-17 12:31:14.059root 11241100x8000000000000000317508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:14.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.921e89bbf25325d32021-12-17 12:31:14.059root 11241100x8000000000000000317509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:14.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa5395a3836d8e102021-12-17 12:31:14.060root 11241100x8000000000000000317510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:14.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fc743374754e4bc2021-12-17 12:31:14.060root 11241100x8000000000000000317511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:14.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d8dae31a2c02a922021-12-17 12:31:14.060root 11241100x8000000000000000317512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:14.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a44616cf17dfd0a2021-12-17 12:31:14.060root 11241100x8000000000000000317513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:14.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa146b3bd9a8ffa12021-12-17 12:31:14.060root 11241100x8000000000000000317514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:14.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab64303c9708368b2021-12-17 12:31:14.557root 11241100x8000000000000000317515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:14.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ccb2e6b90262c2e2021-12-17 12:31:14.557root 11241100x8000000000000000317516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:14.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67c11f8eec4a251c2021-12-17 12:31:14.557root 11241100x8000000000000000317517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:14.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae49c0f7feefa2b72021-12-17 12:31:14.557root 11241100x8000000000000000317518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:14.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d34fd897f732d1b2021-12-17 12:31:14.557root 11241100x8000000000000000317519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:14.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ecf6e04e1b824772021-12-17 12:31:14.557root 11241100x8000000000000000317520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:14.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.549717e4ed4b60082021-12-17 12:31:14.557root 11241100x8000000000000000317521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:14.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c03a13e4c1d057362021-12-17 12:31:14.557root 11241100x8000000000000000317522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:14.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.769367b5320814c22021-12-17 12:31:14.557root 11241100x8000000000000000317523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:14.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5db224fc2a93e9812021-12-17 12:31:14.558root 11241100x8000000000000000317524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:14.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1ee1e44e9c50d992021-12-17 12:31:14.558root 11241100x8000000000000000317525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:14.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1953ab34af04ec9f2021-12-17 12:31:14.558root 11241100x8000000000000000317526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:14.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fe0596f5bf5e0342021-12-17 12:31:14.558root 11241100x8000000000000000317527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:14.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c12700226cb1f3642021-12-17 12:31:14.558root 11241100x8000000000000000317528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:15.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c883a23a042872392021-12-17 12:31:15.057root 11241100x8000000000000000317529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:15.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.428d9285a904692b2021-12-17 12:31:15.057root 11241100x8000000000000000317530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:15.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f803dea913f1b6e02021-12-17 12:31:15.057root 11241100x8000000000000000317531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:15.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1664944930c662f02021-12-17 12:31:15.057root 11241100x8000000000000000317532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:15.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b45929ae0a6fd612021-12-17 12:31:15.057root 11241100x8000000000000000317533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:15.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f8a5646b3016ee12021-12-17 12:31:15.057root 11241100x8000000000000000317534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:15.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b3419c9dafb9a142021-12-17 12:31:15.057root 11241100x8000000000000000317535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:15.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a202f6974f422f072021-12-17 12:31:15.057root 11241100x8000000000000000317536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:15.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2481124501940cff2021-12-17 12:31:15.057root 11241100x8000000000000000317537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:15.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8c3915f710a026b2021-12-17 12:31:15.058root 11241100x8000000000000000317538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:15.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdce204837e196a22021-12-17 12:31:15.058root 11241100x8000000000000000317539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:15.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0da0ed07ce74cb6f2021-12-17 12:31:15.058root 11241100x8000000000000000317540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:15.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0cf5a2f450ee42e2021-12-17 12:31:15.058root 11241100x8000000000000000317541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:15.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5196cfdc7c8137422021-12-17 12:31:15.058root 11241100x8000000000000000317542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:15.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0cfc0dcfc7d30052021-12-17 12:31:15.557root 11241100x8000000000000000317543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:15.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41211c653449cb642021-12-17 12:31:15.557root 11241100x8000000000000000317544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:15.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8e06301b8434a532021-12-17 12:31:15.557root 11241100x8000000000000000317545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:15.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3cde09ec7078e2f2021-12-17 12:31:15.557root 11241100x8000000000000000317546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:15.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0325ffe266b8d22c2021-12-17 12:31:15.557root 11241100x8000000000000000317547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:15.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.707d7af0d134aaa62021-12-17 12:31:15.557root 11241100x8000000000000000317548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:15.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80431527eac5d4372021-12-17 12:31:15.557root 11241100x8000000000000000317549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:15.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.504d45e6c1bb70b52021-12-17 12:31:15.557root 11241100x8000000000000000317550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:15.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.982a65e989c72bd02021-12-17 12:31:15.557root 11241100x8000000000000000317551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:15.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8385120828e52e392021-12-17 12:31:15.557root 11241100x8000000000000000317552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:15.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b90e9b1e5ef16452021-12-17 12:31:15.557root 11241100x8000000000000000317553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:15.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba1a27812de855ac2021-12-17 12:31:15.557root 11241100x8000000000000000317554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:15.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cde9746205a06282021-12-17 12:31:15.557root 11241100x8000000000000000317555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:15.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63ad680f04fd51fb2021-12-17 12:31:15.558root 11241100x8000000000000000317556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:16.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43ac673af0e4b8282021-12-17 12:31:16.057root 11241100x8000000000000000317557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:16.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4278249ad23806a2021-12-17 12:31:16.057root 11241100x8000000000000000317558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:16.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caa1951d3eb2c6292021-12-17 12:31:16.057root 11241100x8000000000000000317559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:16.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d1fcb664b47897c2021-12-17 12:31:16.057root 11241100x8000000000000000317560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:16.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2b0a86dc0b977e12021-12-17 12:31:16.057root 11241100x8000000000000000317561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:16.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18aa451ec06e7d502021-12-17 12:31:16.057root 11241100x8000000000000000317562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:16.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b610f5459c96ab852021-12-17 12:31:16.057root 11241100x8000000000000000317563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:16.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f1729c60f9f670e2021-12-17 12:31:16.057root 11241100x8000000000000000317564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:16.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.834874c718972a1d2021-12-17 12:31:16.057root 11241100x8000000000000000317565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:16.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a927fb23d65aeb812021-12-17 12:31:16.057root 11241100x8000000000000000317566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:16.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2cc1fe9299caf8f2021-12-17 12:31:16.057root 11241100x8000000000000000317567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:16.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96434452491d1ac42021-12-17 12:31:16.058root 11241100x8000000000000000317568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:16.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecd039f2aaa490c92021-12-17 12:31:16.058root 11241100x8000000000000000317569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:16.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0a7cbcef2b333992021-12-17 12:31:16.058root 11241100x8000000000000000317570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:16.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4b09adc33231acf2021-12-17 12:31:16.557root 11241100x8000000000000000317571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:16.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52c0227ab72cbf3d2021-12-17 12:31:16.557root 11241100x8000000000000000317572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:16.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.623d4275e1a795c22021-12-17 12:31:16.557root 11241100x8000000000000000317573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:16.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44b1483920c555ee2021-12-17 12:31:16.557root 11241100x8000000000000000317574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:16.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e90c1ef8e1af9c942021-12-17 12:31:16.557root 11241100x8000000000000000317575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:16.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80ab390f937e55a52021-12-17 12:31:16.557root 11241100x8000000000000000317576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:16.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10c5f5946c0ca4042021-12-17 12:31:16.557root 11241100x8000000000000000317577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:16.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7974073df7d2dfb92021-12-17 12:31:16.557root 11241100x8000000000000000317578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:16.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dd66e18712b38c62021-12-17 12:31:16.557root 11241100x8000000000000000317579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:16.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.423f21eec76daf502021-12-17 12:31:16.557root 11241100x8000000000000000317580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:16.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5857eb296f27c4a62021-12-17 12:31:16.557root 11241100x8000000000000000317581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:16.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.693597d771c2f3b92021-12-17 12:31:16.558root 11241100x8000000000000000317582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:16.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.239c97d51ac75fe72021-12-17 12:31:16.558root 11241100x8000000000000000317583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:16.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e010da7cc2533bb42021-12-17 12:31:16.558root 11241100x8000000000000000317584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:17.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7205f83e0eb8e6ec2021-12-17 12:31:17.057root 11241100x8000000000000000317585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:17.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3079e45a61880082021-12-17 12:31:17.057root 11241100x8000000000000000317586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:17.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8109db76408398342021-12-17 12:31:17.057root 11241100x8000000000000000317587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:17.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3a9eff30e8afea72021-12-17 12:31:17.057root 11241100x8000000000000000317588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:17.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02e27314f65f7eb22021-12-17 12:31:17.057root 11241100x8000000000000000317589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:17.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b093b0d26f3375402021-12-17 12:31:17.057root 11241100x8000000000000000317590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:17.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e03236d1dbcea922021-12-17 12:31:17.057root 11241100x8000000000000000317591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:17.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04ffa14a68df2b6c2021-12-17 12:31:17.057root 11241100x8000000000000000317592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:17.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.481280951aa2eab22021-12-17 12:31:17.057root 11241100x8000000000000000317593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:17.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceccbaf18f55c4892021-12-17 12:31:17.057root 11241100x8000000000000000317594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:17.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd6edb395ff84d1a2021-12-17 12:31:17.057root 11241100x8000000000000000317595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:17.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bd0f701f1d9cbfd2021-12-17 12:31:17.058root 11241100x8000000000000000317596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:17.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e0348848971e7342021-12-17 12:31:17.058root 11241100x8000000000000000317597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:17.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.399ff3b49adc42f12021-12-17 12:31:17.058root 11241100x8000000000000000317598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:17.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9fa9edbf557f97d2021-12-17 12:31:17.557root 11241100x8000000000000000317599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:17.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2f9650985c5ed892021-12-17 12:31:17.557root 11241100x8000000000000000317600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:17.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4492254103fc46282021-12-17 12:31:17.557root 11241100x8000000000000000317601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:17.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc25a2f92fda11182021-12-17 12:31:17.557root 11241100x8000000000000000317602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:17.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ec17e74bd69241b2021-12-17 12:31:17.557root 11241100x8000000000000000317603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:17.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8cc1a4dce9c769d2021-12-17 12:31:17.557root 11241100x8000000000000000317604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:17.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f11f84942686f902021-12-17 12:31:17.557root 11241100x8000000000000000317605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:17.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc494db9049150262021-12-17 12:31:17.557root 11241100x8000000000000000317606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:17.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56d09f3333e773972021-12-17 12:31:17.557root 11241100x8000000000000000317607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:17.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b894342c8f9aba2d2021-12-17 12:31:17.557root 11241100x8000000000000000317608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:17.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.674e906f661ba00a2021-12-17 12:31:17.557root 11241100x8000000000000000317609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:17.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97596799cbefb6362021-12-17 12:31:17.557root 11241100x8000000000000000317610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:17.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b22d5d328e0816312021-12-17 12:31:17.558root 11241100x8000000000000000317611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:17.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ecc44f34749afba2021-12-17 12:31:17.558root 11241100x8000000000000000317612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:18.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7fe9a2471bef7732021-12-17 12:31:18.057root 11241100x8000000000000000317613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:18.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d5c96daada3ee5e2021-12-17 12:31:18.057root 11241100x8000000000000000317614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:18.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32ba8393988a550a2021-12-17 12:31:18.057root 11241100x8000000000000000317615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:18.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a074a837846e95f32021-12-17 12:31:18.057root 11241100x8000000000000000317616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:18.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5293c35e1ff715b2021-12-17 12:31:18.057root 11241100x8000000000000000317617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:18.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42dbb96b4dc932cd2021-12-17 12:31:18.057root 11241100x8000000000000000317618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:18.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93f66c2d670a54cc2021-12-17 12:31:18.057root 11241100x8000000000000000317619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:18.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.325bc6745a26c61d2021-12-17 12:31:18.057root 11241100x8000000000000000317620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:18.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fe210c4dea683432021-12-17 12:31:18.057root 11241100x8000000000000000317621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:18.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82267d81a7c502ed2021-12-17 12:31:18.057root 11241100x8000000000000000317622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:18.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b11975796fc6fd412021-12-17 12:31:18.057root 11241100x8000000000000000317623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:18.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27de388437a2dbe52021-12-17 12:31:18.057root 11241100x8000000000000000317624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:18.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25f0954e3b10d5f62021-12-17 12:31:18.057root 11241100x8000000000000000317625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:18.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a3f07d87daff6562021-12-17 12:31:18.058root 354300x8000000000000000317626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:18.235{ec28ba6a-70a3-61bc-5175-3a0400000000}5248/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-44504-false10.0.1.12-8000- 11241100x8000000000000000317627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:18.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2681a64e5ac76302021-12-17 12:31:18.557root 11241100x8000000000000000317628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:18.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69286994dfc1ebed2021-12-17 12:31:18.557root 11241100x8000000000000000317629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:18.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31f23e3bd68a3e582021-12-17 12:31:18.557root 11241100x8000000000000000317630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:18.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0b27d648a26f0612021-12-17 12:31:18.557root 11241100x8000000000000000317631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:18.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.327d7fab90523d572021-12-17 12:31:18.557root 11241100x8000000000000000317632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:18.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4a9fb3e2d53816f2021-12-17 12:31:18.557root 11241100x8000000000000000317633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:18.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8530b4db42528aec2021-12-17 12:31:18.557root 11241100x8000000000000000317634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:18.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.261410e2a2dc67a02021-12-17 12:31:18.557root 11241100x8000000000000000317635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:18.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b17d762d979ad312021-12-17 12:31:18.557root 11241100x8000000000000000317636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:18.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6243d714a98a67712021-12-17 12:31:18.558root 11241100x8000000000000000317637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:18.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.072f243d81d425df2021-12-17 12:31:18.558root 11241100x8000000000000000317638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:18.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acb1874f4c6065932021-12-17 12:31:18.558root 11241100x8000000000000000317639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:18.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e742a374bb2e050c2021-12-17 12:31:18.558root 11241100x8000000000000000317640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:18.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b8c5f44bb83ec182021-12-17 12:31:18.558root 11241100x8000000000000000317641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:18.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09b0b0f0cb239d972021-12-17 12:31:18.558root 11241100x8000000000000000317642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:19.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df2fa8062448878e2021-12-17 12:31:19.057root 11241100x8000000000000000317643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:19.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abea81b6e9c65fa62021-12-17 12:31:19.057root 11241100x8000000000000000317644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:19.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bf3247581f92f062021-12-17 12:31:19.057root 11241100x8000000000000000317645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:19.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bfcafc6356e74012021-12-17 12:31:19.057root 11241100x8000000000000000317646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:19.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54785c252d76b9842021-12-17 12:31:19.057root 11241100x8000000000000000317647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:19.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2e39d68b33d3a482021-12-17 12:31:19.057root 11241100x8000000000000000317648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:19.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fc836b11010da9d2021-12-17 12:31:19.057root 11241100x8000000000000000317649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:19.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82324af5c88f8dfd2021-12-17 12:31:19.057root 11241100x8000000000000000317650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:19.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2046aec08d4fa182021-12-17 12:31:19.057root 11241100x8000000000000000317651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:19.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54d9fe507239e5962021-12-17 12:31:19.057root 11241100x8000000000000000317652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:19.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51b2a5dd6ce8908b2021-12-17 12:31:19.057root 11241100x8000000000000000317653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:19.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7fb1dcdf44dfbc42021-12-17 12:31:19.057root 11241100x8000000000000000317654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:19.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68275e68ed57f0ca2021-12-17 12:31:19.058root 11241100x8000000000000000317655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:19.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4b5eea5b534fe822021-12-17 12:31:19.058root 11241100x8000000000000000317656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:19.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef00cfb62cbb2dc42021-12-17 12:31:19.058root 11241100x8000000000000000317657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:19.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9b471e729c0c1552021-12-17 12:31:19.557root 11241100x8000000000000000317658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:19.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2c2251e52ac12102021-12-17 12:31:19.557root 11241100x8000000000000000317659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:19.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1fc68aae01840b02021-12-17 12:31:19.557root 11241100x8000000000000000317660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:19.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55e0e112ba0d9c302021-12-17 12:31:19.557root 11241100x8000000000000000317661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:19.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceb1ebc3918e5f812021-12-17 12:31:19.557root 11241100x8000000000000000317662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:19.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ab2a9d51bb65c002021-12-17 12:31:19.557root 11241100x8000000000000000317663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:19.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ba034aa4d63566c2021-12-17 12:31:19.557root 11241100x8000000000000000317664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:19.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aff0086d61d2320c2021-12-17 12:31:19.557root 11241100x8000000000000000317665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:19.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed5a9420f1ac97502021-12-17 12:31:19.557root 11241100x8000000000000000317666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:19.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68ab51ea1a25f2fa2021-12-17 12:31:19.557root 11241100x8000000000000000317667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:19.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f36f72bd26bb2cfa2021-12-17 12:31:19.557root 11241100x8000000000000000317668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:19.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.576b76b1690c0d472021-12-17 12:31:19.557root 11241100x8000000000000000317669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:19.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37c38f96084376d32021-12-17 12:31:19.557root 11241100x8000000000000000317670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:19.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea38e2d15915fe9e2021-12-17 12:31:19.558root 11241100x8000000000000000317671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:19.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc673d6841f9c7f52021-12-17 12:31:19.558root 11241100x8000000000000000317672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:20.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51c0abe9ca6febfb2021-12-17 12:31:20.057root 11241100x8000000000000000317673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:20.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.207c0d61d683dfb82021-12-17 12:31:20.057root 11241100x8000000000000000317674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:20.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60ed3d11924018552021-12-17 12:31:20.057root 11241100x8000000000000000317675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:20.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c71c621a11b74c72021-12-17 12:31:20.057root 11241100x8000000000000000317676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:20.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95058901240152c72021-12-17 12:31:20.057root 11241100x8000000000000000317677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:20.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fed06ee7c7fb901f2021-12-17 12:31:20.057root 11241100x8000000000000000317678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:20.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67f5da2a591e2e222021-12-17 12:31:20.057root 11241100x8000000000000000317679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:20.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.055c229dfa6866422021-12-17 12:31:20.057root 11241100x8000000000000000317680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:20.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7ae79a62ad123eb2021-12-17 12:31:20.057root 11241100x8000000000000000317681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:20.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d6b4d70d64e31052021-12-17 12:31:20.057root 11241100x8000000000000000317682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:20.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d66a48930eae42312021-12-17 12:31:20.057root 11241100x8000000000000000317683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:20.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e7cd0b31f041a592021-12-17 12:31:20.057root 11241100x8000000000000000317684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:20.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6707fd221037d8f72021-12-17 12:31:20.058root 11241100x8000000000000000317685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:20.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f846a135d22eb352021-12-17 12:31:20.058root 11241100x8000000000000000317686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:20.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.addb5b5f5e5c545e2021-12-17 12:31:20.058root 11241100x8000000000000000317687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:20.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b61f06394c4881d2021-12-17 12:31:20.557root 11241100x8000000000000000317688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:20.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.839d1eefc18d5cc92021-12-17 12:31:20.557root 11241100x8000000000000000317689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:20.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f078585771f5c1c2021-12-17 12:31:20.557root 11241100x8000000000000000317690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:20.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61fb7f238f6b4b932021-12-17 12:31:20.557root 11241100x8000000000000000317691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:20.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bccfe6829572234d2021-12-17 12:31:20.557root 11241100x8000000000000000317692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:20.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d092e5d6c4bad9e62021-12-17 12:31:20.557root 11241100x8000000000000000317693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:20.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21f5b9e52227c1222021-12-17 12:31:20.557root 11241100x8000000000000000317694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:20.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3558ebc444b48c3e2021-12-17 12:31:20.557root 11241100x8000000000000000317695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:20.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e384937c6127bcb02021-12-17 12:31:20.557root 11241100x8000000000000000317696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:20.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d09dbdb07846bf4f2021-12-17 12:31:20.557root 11241100x8000000000000000317697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:20.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91eb1de408273a082021-12-17 12:31:20.557root 11241100x8000000000000000317698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:20.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f922f64ddc2ac9b62021-12-17 12:31:20.557root 11241100x8000000000000000317699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:20.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeac8865fe5790f52021-12-17 12:31:20.557root 11241100x8000000000000000317700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:20.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c8202eefe8da87d2021-12-17 12:31:20.558root 11241100x8000000000000000317701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:20.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00e54f1cfc13ff412021-12-17 12:31:20.558root 154100x8000000000000000317702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:20.603{ec28ba6a-8318-61bc-6814-cab605560000}9586/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec28ba6a-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2255--- 534500x8000000000000000317703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:20.617{ec28ba6a-8318-61bc-6814-cab605560000}9586/bin/psroot 11241100x8000000000000000317704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:21.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cafad00c18c6a4c52021-12-17 12:31:21.057root 11241100x8000000000000000317705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:21.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef0ff940f0001a3d2021-12-17 12:31:21.057root 11241100x8000000000000000317706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:21.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56e7facd06761f142021-12-17 12:31:21.057root 11241100x8000000000000000317707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:21.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4117356d613de6792021-12-17 12:31:21.057root 11241100x8000000000000000317708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:21.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22f16701c0240f042021-12-17 12:31:21.057root 11241100x8000000000000000317709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:21.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a41cf96213b1e5722021-12-17 12:31:21.057root 11241100x8000000000000000317710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:21.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c6b68c57a13b7eb2021-12-17 12:31:21.057root 11241100x8000000000000000317711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:21.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0be195015d69e6aa2021-12-17 12:31:21.057root 11241100x8000000000000000317712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:21.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9962309e4c9806c2021-12-17 12:31:21.058root 11241100x8000000000000000317713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:21.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b045b22748ba1eb72021-12-17 12:31:21.058root 11241100x8000000000000000317714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:21.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c53c41b858ffdab92021-12-17 12:31:21.058root 11241100x8000000000000000317715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:21.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7939f8366d5627ad2021-12-17 12:31:21.058root 11241100x8000000000000000317716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:21.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c586955d210944b2021-12-17 12:31:21.058root 11241100x8000000000000000317717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:21.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16e3d3367b0676ab2021-12-17 12:31:21.058root 11241100x8000000000000000317718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:21.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b0863cb2e4a5ae02021-12-17 12:31:21.058root 11241100x8000000000000000317719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:21.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04e4ef9a3b1ac7a72021-12-17 12:31:21.058root 11241100x8000000000000000317720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:21.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6837a6be2f1dd0922021-12-17 12:31:21.058root 11241100x8000000000000000317721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:21.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c7d6a3c4d1fd0762021-12-17 12:31:21.557root 11241100x8000000000000000317722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:21.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8de8b0e117472b432021-12-17 12:31:21.557root 11241100x8000000000000000317723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:21.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.180a7fa18e4f929b2021-12-17 12:31:21.557root 11241100x8000000000000000317724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:21.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5afae5d105cd22cd2021-12-17 12:31:21.557root 11241100x8000000000000000317725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:21.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0b933a2976d5c672021-12-17 12:31:21.557root 11241100x8000000000000000317726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:21.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ab25bb762145b3d2021-12-17 12:31:21.557root 11241100x8000000000000000317727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:21.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.691b832272d708ad2021-12-17 12:31:21.558root 11241100x8000000000000000317728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:21.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df077b8a8963ab042021-12-17 12:31:21.558root 11241100x8000000000000000317729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:21.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef3c2a464a8241222021-12-17 12:31:21.558root 11241100x8000000000000000317730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:21.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e839131e2dc96a72021-12-17 12:31:21.558root 11241100x8000000000000000317731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:21.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5f623ab65b7b1af2021-12-17 12:31:21.558root 11241100x8000000000000000317732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:21.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19f8f6dd7d21ab6c2021-12-17 12:31:21.558root 11241100x8000000000000000317733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:21.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c58c32e6cf36be02021-12-17 12:31:21.558root 11241100x8000000000000000317734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:21.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfdc45cc5d211def2021-12-17 12:31:21.558root 11241100x8000000000000000317735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:21.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.358aa0653a25e4412021-12-17 12:31:21.558root 11241100x8000000000000000317736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:21.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3261f34d46eb5a662021-12-17 12:31:21.558root 11241100x8000000000000000317737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:21.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b5f170587a0f4582021-12-17 12:31:21.558root 11241100x8000000000000000317738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:22.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a7328541e819bed2021-12-17 12:31:22.057root 11241100x8000000000000000317739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:22.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af1ec30c178419972021-12-17 12:31:22.057root 11241100x8000000000000000317740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:22.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.901905e73fa3ab302021-12-17 12:31:22.057root 11241100x8000000000000000317741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:22.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.689245b2a1f07f2c2021-12-17 12:31:22.057root 11241100x8000000000000000317742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:22.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.352ef24c9642b9c12021-12-17 12:31:22.057root 11241100x8000000000000000317743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:22.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61caf5c3db369af72021-12-17 12:31:22.057root 11241100x8000000000000000317744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:22.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d995d710bea70bd32021-12-17 12:31:22.057root 11241100x8000000000000000317745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:22.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dffca6eb4a957042021-12-17 12:31:22.057root 11241100x8000000000000000317746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:22.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f78a311dcd496fe2021-12-17 12:31:22.057root 11241100x8000000000000000317747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:22.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2749723abe866cb2021-12-17 12:31:22.058root 11241100x8000000000000000317748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:22.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72764ad277e745322021-12-17 12:31:22.058root 11241100x8000000000000000317749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:22.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d386798b8619b4c2021-12-17 12:31:22.058root 11241100x8000000000000000317750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:22.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11b5896be3fd56582021-12-17 12:31:22.058root 11241100x8000000000000000317751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:22.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42251048775fe0b22021-12-17 12:31:22.058root 11241100x8000000000000000317752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:22.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a478418456bf43b32021-12-17 12:31:22.058root 11241100x8000000000000000317753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:22.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.466a549de7600d2a2021-12-17 12:31:22.058root 11241100x8000000000000000317754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:22.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.546a64fc1a34caf82021-12-17 12:31:22.058root 11241100x8000000000000000317755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:22.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b5e0cd394203d622021-12-17 12:31:22.557root 11241100x8000000000000000317756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:22.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d8434014a285fb62021-12-17 12:31:22.557root 11241100x8000000000000000317757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:22.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a6db42031a726cc2021-12-17 12:31:22.557root 11241100x8000000000000000317758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:22.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3142fea129c56e592021-12-17 12:31:22.557root 11241100x8000000000000000317759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:22.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee9118be25825ece2021-12-17 12:31:22.557root 11241100x8000000000000000317760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:22.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cc4824968a22ff22021-12-17 12:31:22.557root 11241100x8000000000000000317761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:22.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3ce02751bb1d74e2021-12-17 12:31:22.557root 11241100x8000000000000000317762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:22.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54184048300d7a902021-12-17 12:31:22.557root 11241100x8000000000000000317763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:22.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4870de434b29fb62021-12-17 12:31:22.557root 11241100x8000000000000000317764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:22.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e95969eea88f2f42021-12-17 12:31:22.557root 11241100x8000000000000000317765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:22.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b56a3214859e68f82021-12-17 12:31:22.557root 11241100x8000000000000000317766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:22.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40054e1e8cfc4c602021-12-17 12:31:22.558root 11241100x8000000000000000317767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:22.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17ba3d5b914f366e2021-12-17 12:31:22.558root 11241100x8000000000000000317768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:22.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4a64a1d6179a8932021-12-17 12:31:22.558root 11241100x8000000000000000317769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:22.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7be68c7980adec8d2021-12-17 12:31:22.558root 11241100x8000000000000000317770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:22.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60cf1f7e22f5d7d92021-12-17 12:31:22.558root 11241100x8000000000000000317771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:22.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66b3b222f02e30722021-12-17 12:31:22.558root 11241100x8000000000000000317772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:23.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c620e7c5764b2d02021-12-17 12:31:23.057root 11241100x8000000000000000317773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:23.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a86db5111eb098f2021-12-17 12:31:23.057root 11241100x8000000000000000317774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:23.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8074f55f5de2c8442021-12-17 12:31:23.057root 11241100x8000000000000000317775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:23.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce1627fd58d9e4692021-12-17 12:31:23.057root 11241100x8000000000000000317776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:23.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.426cc07b8cb49c3a2021-12-17 12:31:23.057root 11241100x8000000000000000317777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:23.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d551ce4001cf55b2021-12-17 12:31:23.057root 11241100x8000000000000000317778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:23.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb554255357dccb52021-12-17 12:31:23.057root 11241100x8000000000000000317779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:23.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4578728189419aed2021-12-17 12:31:23.057root 11241100x8000000000000000317780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:23.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c3fc47f21b8eb042021-12-17 12:31:23.057root 11241100x8000000000000000317781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:23.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39374eb76ce326ab2021-12-17 12:31:23.057root 11241100x8000000000000000317782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:23.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da61ac8eeff613df2021-12-17 12:31:23.058root 11241100x8000000000000000317783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:23.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81159d2fd9494d612021-12-17 12:31:23.058root 11241100x8000000000000000317784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:23.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.032a5d902a2c0b1c2021-12-17 12:31:23.058root 11241100x8000000000000000317785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:23.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d1e06c9f0b3b93f2021-12-17 12:31:23.058root 11241100x8000000000000000317786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:23.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92b83f1852287e712021-12-17 12:31:23.058root 11241100x8000000000000000317787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:23.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e34a3adccfd868e72021-12-17 12:31:23.058root 11241100x8000000000000000317788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:23.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fba3f4871f7699482021-12-17 12:31:23.058root 11241100x8000000000000000317789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:23.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5a4299113c547682021-12-17 12:31:23.557root 11241100x8000000000000000317790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:23.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.750bb2fdef0b26a42021-12-17 12:31:23.557root 11241100x8000000000000000317791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:23.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5850d17509d376972021-12-17 12:31:23.557root 11241100x8000000000000000317792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:23.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf996b4b5dfe82af2021-12-17 12:31:23.557root 11241100x8000000000000000317793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:23.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce6ff7de639f96d52021-12-17 12:31:23.557root 11241100x8000000000000000317794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:23.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.592ab837c9ce69312021-12-17 12:31:23.557root 11241100x8000000000000000317795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:23.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.244da127eb2943652021-12-17 12:31:23.557root 11241100x8000000000000000317796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:23.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fb569807f23e4742021-12-17 12:31:23.557root 11241100x8000000000000000317797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:23.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.195025ca894f239e2021-12-17 12:31:23.557root 11241100x8000000000000000317798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:23.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.517dbf21f61f1bab2021-12-17 12:31:23.557root 11241100x8000000000000000317799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:23.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.152193d94e53b6c12021-12-17 12:31:23.557root 11241100x8000000000000000317800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:23.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf2072759109a4c62021-12-17 12:31:23.558root 11241100x8000000000000000317801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:23.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7969352a467b38502021-12-17 12:31:23.558root 11241100x8000000000000000317802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:23.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2000d026444f251e2021-12-17 12:31:23.558root 11241100x8000000000000000317803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:23.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9727646f4aa5aac42021-12-17 12:31:23.558root 11241100x8000000000000000317804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:23.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d84641f1806d1bd2021-12-17 12:31:23.558root 11241100x8000000000000000317805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:23.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55bf5c4f68fefc052021-12-17 12:31:23.558root 11241100x8000000000000000317806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:24.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9df941cbb98c1bd62021-12-17 12:31:24.057root 11241100x8000000000000000317807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:24.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0efbaffb58fd0dc62021-12-17 12:31:24.057root 11241100x8000000000000000317808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:24.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.246e5ac1ee4d52e52021-12-17 12:31:24.057root 11241100x8000000000000000317809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:24.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2dc2efe6daf8db92021-12-17 12:31:24.057root 11241100x8000000000000000317810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:24.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fd726f211a1cc282021-12-17 12:31:24.057root 11241100x8000000000000000317811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:24.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab8f5ee58801d3272021-12-17 12:31:24.057root 11241100x8000000000000000317812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:24.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15d10e1055b022902021-12-17 12:31:24.057root 11241100x8000000000000000317813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:24.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72cc55e6a64b763f2021-12-17 12:31:24.057root 11241100x8000000000000000317814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:24.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c2a364bcda1b0392021-12-17 12:31:24.057root 11241100x8000000000000000317815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:24.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25d0dbd5d025d1b42021-12-17 12:31:24.057root 11241100x8000000000000000317816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:24.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cd0c1d2c6cbaad12021-12-17 12:31:24.058root 11241100x8000000000000000317817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:24.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef4e58b51d0698282021-12-17 12:31:24.058root 11241100x8000000000000000317818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:24.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e064062efc3186e2021-12-17 12:31:24.058root 11241100x8000000000000000317819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:24.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c95c261ae4ab639f2021-12-17 12:31:24.058root 11241100x8000000000000000317820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:24.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33ed017ad7779cbf2021-12-17 12:31:24.058root 11241100x8000000000000000317821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:24.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0225960dde333222021-12-17 12:31:24.058root 11241100x8000000000000000317822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:24.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18cee519d9899e722021-12-17 12:31:24.058root 354300x8000000000000000317823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:24.064{ec28ba6a-70a3-61bc-5175-3a0400000000}5248/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-44506-false10.0.1.12-8000- 11241100x8000000000000000317824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:24.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ff8ad50168b12062021-12-17 12:31:24.557root 11241100x8000000000000000317825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:24.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a47e7cd52440ba82021-12-17 12:31:24.557root 11241100x8000000000000000317826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:24.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cc65234a015d3b02021-12-17 12:31:24.557root 11241100x8000000000000000317827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:24.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e83227a30f6a96ca2021-12-17 12:31:24.557root 11241100x8000000000000000317828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:24.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab3a3e06cbab79842021-12-17 12:31:24.557root 11241100x8000000000000000317829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:24.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96679aa0091aec252021-12-17 12:31:24.557root 11241100x8000000000000000317830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:24.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5263ec0f4e72bfd62021-12-17 12:31:24.557root 11241100x8000000000000000317831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:24.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27733e8ae9960ea42021-12-17 12:31:24.557root 11241100x8000000000000000317832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:24.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8ce583144c1cc342021-12-17 12:31:24.557root 11241100x8000000000000000317833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:24.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2198ca217a5debd2021-12-17 12:31:24.558root 11241100x8000000000000000317834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:24.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e169794a7f7a5942021-12-17 12:31:24.558root 11241100x8000000000000000317835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:24.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5e66852bcb56a862021-12-17 12:31:24.558root 11241100x8000000000000000317836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:24.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7894b5ca848b30d12021-12-17 12:31:24.558root 11241100x8000000000000000317837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:24.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e639d9a914e8fa692021-12-17 12:31:24.558root 11241100x8000000000000000317838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:24.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de8cda07b89116912021-12-17 12:31:24.558root 11241100x8000000000000000317839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:24.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a41ff502341ee4902021-12-17 12:31:24.558root 11241100x8000000000000000317840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:24.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b76a62418d2b2f272021-12-17 12:31:24.558root 11241100x8000000000000000317841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:24.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f83a5a1741e7eef92021-12-17 12:31:24.558root 11241100x8000000000000000317842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:25.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ef9f29c1592b18b2021-12-17 12:31:25.057root 11241100x8000000000000000317843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:25.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3022dd71af81ede2021-12-17 12:31:25.057root 11241100x8000000000000000317844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:25.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b21ded3ad585a9252021-12-17 12:31:25.057root 11241100x8000000000000000317845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:25.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41f03e86b1ca54dc2021-12-17 12:31:25.057root 11241100x8000000000000000317846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:25.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1443d4a50170fca92021-12-17 12:31:25.057root 11241100x8000000000000000317847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:25.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.936d5b6f864c3cc62021-12-17 12:31:25.057root 11241100x8000000000000000317848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:25.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcc79dba642725102021-12-17 12:31:25.057root 11241100x8000000000000000317849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:25.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a48e4eff6c415d152021-12-17 12:31:25.057root 11241100x8000000000000000317850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:25.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d9a3c166095873b2021-12-17 12:31:25.057root 11241100x8000000000000000317851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:25.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.547b469a134a34052021-12-17 12:31:25.057root 11241100x8000000000000000317852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:25.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.172e2664fd288d562021-12-17 12:31:25.058root 11241100x8000000000000000317853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:25.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bf972159062c9ff2021-12-17 12:31:25.058root 11241100x8000000000000000317854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:25.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fc06bffd97acb632021-12-17 12:31:25.058root 11241100x8000000000000000317855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:25.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53daac47faca194e2021-12-17 12:31:25.058root 11241100x8000000000000000317856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:25.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00a2405f06f3097e2021-12-17 12:31:25.058root 11241100x8000000000000000317857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:25.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f85c2c0d06acbcbb2021-12-17 12:31:25.058root 11241100x8000000000000000317858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:25.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d024dee9ce998f042021-12-17 12:31:25.058root 11241100x8000000000000000317859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:25.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93510e0c1ce896c82021-12-17 12:31:25.058root 11241100x8000000000000000317860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:25.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88705c8b1abb743e2021-12-17 12:31:25.557root 11241100x8000000000000000317861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:25.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3550b349bdd96b12021-12-17 12:31:25.557root 11241100x8000000000000000317862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:25.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b48bc567ac39dc242021-12-17 12:31:25.557root 11241100x8000000000000000317863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:25.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.481cd60a638758d92021-12-17 12:31:25.557root 11241100x8000000000000000317864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:25.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d8477d88e24c5612021-12-17 12:31:25.557root 11241100x8000000000000000317865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:25.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3e290e4d5bfc4132021-12-17 12:31:25.557root 11241100x8000000000000000317866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:25.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6a3a03f2729f5722021-12-17 12:31:25.557root 11241100x8000000000000000317867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:25.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.382bacd0af600db92021-12-17 12:31:25.557root 11241100x8000000000000000317868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:25.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec36de44da6a13f02021-12-17 12:31:25.557root 11241100x8000000000000000317869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:25.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05b21032c836a2e12021-12-17 12:31:25.557root 11241100x8000000000000000317870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:25.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f08315e9dbdd0632021-12-17 12:31:25.557root 11241100x8000000000000000317871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:25.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2796507ff59a99132021-12-17 12:31:25.558root 11241100x8000000000000000317872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:25.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d35657d8ce4e68612021-12-17 12:31:25.558root 11241100x8000000000000000317873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:25.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ca7b0e60db6636a2021-12-17 12:31:25.558root 11241100x8000000000000000317874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:25.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bf32fc1968d2d692021-12-17 12:31:25.558root 11241100x8000000000000000317875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:25.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7aae2038a2ead2a2021-12-17 12:31:25.558root 11241100x8000000000000000317876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:25.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a33e671542d45e662021-12-17 12:31:25.558root 11241100x8000000000000000317877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:25.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.221b29b5b6cbb18b2021-12-17 12:31:25.558root 11241100x8000000000000000317878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:26.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b1f1edfa626eab12021-12-17 12:31:26.057root 11241100x8000000000000000317879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:26.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30f9a9f831442c1b2021-12-17 12:31:26.057root 11241100x8000000000000000317880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:26.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7d8efd56d0ac1992021-12-17 12:31:26.057root 11241100x8000000000000000317881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:26.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faec9011157626992021-12-17 12:31:26.057root 11241100x8000000000000000317882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:26.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94f44a3798e93c692021-12-17 12:31:26.057root 11241100x8000000000000000317883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:26.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71d42393ebbd07ed2021-12-17 12:31:26.057root 11241100x8000000000000000317884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:26.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.443fa5efcfde7b6e2021-12-17 12:31:26.057root 11241100x8000000000000000317885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:26.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6df0eba86388a2842021-12-17 12:31:26.057root 11241100x8000000000000000317886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:26.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2031e5cf3f2344b92021-12-17 12:31:26.057root 11241100x8000000000000000317887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:26.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a091251fb25a40ee2021-12-17 12:31:26.057root 11241100x8000000000000000317888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:26.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38987a6ffb6079242021-12-17 12:31:26.058root 11241100x8000000000000000317889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:26.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39c87b973c0a8d202021-12-17 12:31:26.058root 11241100x8000000000000000317890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:26.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bd0c5f465b06eb32021-12-17 12:31:26.058root 11241100x8000000000000000317891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:26.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4caee9cb3f716832021-12-17 12:31:26.058root 11241100x8000000000000000317892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:26.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6077706adc5a46e22021-12-17 12:31:26.058root 11241100x8000000000000000317893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:26.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14ff2d5937caa9992021-12-17 12:31:26.058root 11241100x8000000000000000317894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:26.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66e32e37e2d816922021-12-17 12:31:26.058root 11241100x8000000000000000317895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:26.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d317e15a35a1b8b52021-12-17 12:31:26.058root 11241100x8000000000000000317896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:26.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d660590b5160b4c62021-12-17 12:31:26.557root 11241100x8000000000000000317897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:26.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d398941e8f9558c12021-12-17 12:31:26.557root 11241100x8000000000000000317898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:26.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91efbe67f6b8494a2021-12-17 12:31:26.557root 11241100x8000000000000000317899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:26.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58820f2653e8d6692021-12-17 12:31:26.557root 11241100x8000000000000000317900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:26.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56ff6036bca4c2a12021-12-17 12:31:26.557root 11241100x8000000000000000317901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:26.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d603381a5bebfa32021-12-17 12:31:26.557root 11241100x8000000000000000317902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:26.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45f5d4564bb8fc072021-12-17 12:31:26.557root 11241100x8000000000000000317903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:26.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c200fb2e65147c0c2021-12-17 12:31:26.557root 11241100x8000000000000000317904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:26.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1de53befe65aa6752021-12-17 12:31:26.557root 11241100x8000000000000000317905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:26.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bc7a8171879ec602021-12-17 12:31:26.557root 11241100x8000000000000000317906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:26.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6028ec6464a11b042021-12-17 12:31:26.558root 11241100x8000000000000000317907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:26.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cbf4352887194d32021-12-17 12:31:26.558root 11241100x8000000000000000317908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:26.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.778fa8b81dc772962021-12-17 12:31:26.558root 11241100x8000000000000000317909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:26.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0af37891928e36782021-12-17 12:31:26.558root 11241100x8000000000000000317910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:26.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ccc4f6e556f673e2021-12-17 12:31:26.558root 11241100x8000000000000000317911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:26.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb3ce7cba6f11c932021-12-17 12:31:26.558root 11241100x8000000000000000317912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:26.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca9327e367ebd68c2021-12-17 12:31:26.558root 11241100x8000000000000000317913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:26.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1ec9b6ae63218e62021-12-17 12:31:26.558root 11241100x8000000000000000317914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:27.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ce14dab57103d592021-12-17 12:31:27.057root 11241100x8000000000000000317915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:27.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.166bd27d570f40e12021-12-17 12:31:27.057root 11241100x8000000000000000317916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:27.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54792e9c7c8cced52021-12-17 12:31:27.057root 11241100x8000000000000000317917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:27.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d2156b2e5b7375a2021-12-17 12:31:27.057root 11241100x8000000000000000317918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:27.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cd12bad610b58752021-12-17 12:31:27.057root 11241100x8000000000000000317919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:27.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.938a1304658151232021-12-17 12:31:27.057root 11241100x8000000000000000317920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:27.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7e5ac241b4aa4942021-12-17 12:31:27.057root 11241100x8000000000000000317921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:27.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6270fd0518d2e7c42021-12-17 12:31:27.057root 11241100x8000000000000000317922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:27.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34997d9f0801df242021-12-17 12:31:27.057root 11241100x8000000000000000317923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:27.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b62218fdd5c708f2021-12-17 12:31:27.057root 11241100x8000000000000000317924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:27.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a0b4677a92c51e82021-12-17 12:31:27.058root 11241100x8000000000000000317925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:27.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97a8c7462b7ddf842021-12-17 12:31:27.058root 11241100x8000000000000000317926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:27.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f45a46df2fa8a2e82021-12-17 12:31:27.058root 11241100x8000000000000000317927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:27.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6b3a02834990c0a2021-12-17 12:31:27.058root 11241100x8000000000000000317928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:27.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8d99324d265ea4b2021-12-17 12:31:27.058root 11241100x8000000000000000317929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:27.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55261194ed24ada62021-12-17 12:31:27.058root 11241100x8000000000000000317930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:27.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.623157b65d4909482021-12-17 12:31:27.058root 11241100x8000000000000000317931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:27.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a894e7939798de22021-12-17 12:31:27.058root 11241100x8000000000000000317932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:27.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b8dcf321af61b4a2021-12-17 12:31:27.557root 11241100x8000000000000000317933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:27.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e124420904b1db872021-12-17 12:31:27.557root 11241100x8000000000000000317934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:27.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa7dc26152be28132021-12-17 12:31:27.557root 11241100x8000000000000000317935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:27.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07bb0287aef7070d2021-12-17 12:31:27.557root 11241100x8000000000000000317936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:27.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8087fd3ceb5030c2021-12-17 12:31:27.557root 11241100x8000000000000000317937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:27.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e7c5ad19621c82d2021-12-17 12:31:27.557root 11241100x8000000000000000317938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:27.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2163752a70763352021-12-17 12:31:27.557root 11241100x8000000000000000317939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:27.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83095b8ba20788bf2021-12-17 12:31:27.557root 11241100x8000000000000000317940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:27.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3c921f9466201b42021-12-17 12:31:27.557root 11241100x8000000000000000317941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:27.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.617493ce626cfb3b2021-12-17 12:31:27.557root 11241100x8000000000000000317942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:27.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e02e24b5895a25c2021-12-17 12:31:27.558root 11241100x8000000000000000317943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:27.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c10eee1adcaeea722021-12-17 12:31:27.558root 11241100x8000000000000000317944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:27.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6735c8565bf9cabc2021-12-17 12:31:27.558root 11241100x8000000000000000317945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:27.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f308c73744c477a92021-12-17 12:31:27.558root 11241100x8000000000000000317946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:27.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.065c69dedf464f812021-12-17 12:31:27.558root 11241100x8000000000000000317947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:27.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.314e9626aaa3fff62021-12-17 12:31:27.558root 11241100x8000000000000000317948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:27.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c3c5fbf56be54b62021-12-17 12:31:27.558root 11241100x8000000000000000317949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:27.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86b2b1d052706bbc2021-12-17 12:31:27.558root 11241100x8000000000000000317950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:28.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.368efb55f65adada2021-12-17 12:31:28.057root 11241100x8000000000000000317951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:28.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f917e6b7d4dbb962021-12-17 12:31:28.057root 11241100x8000000000000000317952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:28.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a06a8bb9273ac5d2021-12-17 12:31:28.057root 11241100x8000000000000000317953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:28.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1d0b4a3224399b22021-12-17 12:31:28.057root 11241100x8000000000000000317954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:28.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d89c5649bc1ac3292021-12-17 12:31:28.057root 11241100x8000000000000000317955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:28.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.352b52e080aa43a12021-12-17 12:31:28.057root 11241100x8000000000000000317956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:28.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cabb6472557c4cf62021-12-17 12:31:28.057root 11241100x8000000000000000317957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:28.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bfaec62a580b39e2021-12-17 12:31:28.058root 11241100x8000000000000000317958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:28.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7489a7ffb8feaf842021-12-17 12:31:28.058root 11241100x8000000000000000317959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:28.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b604c8c5210658a2021-12-17 12:31:28.058root 11241100x8000000000000000317960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:28.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.921895856805f27d2021-12-17 12:31:28.059root 11241100x8000000000000000317961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:28.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9362b2ebacfa2dc22021-12-17 12:31:28.059root 11241100x8000000000000000317962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:28.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6f6db6ae449793f2021-12-17 12:31:28.059root 11241100x8000000000000000317963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:28.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2366044acf3ff4cc2021-12-17 12:31:28.059root 11241100x8000000000000000317964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:28.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.126ffe40acaa95742021-12-17 12:31:28.059root 11241100x8000000000000000317965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:28.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c20a9d11c96628222021-12-17 12:31:28.060root 11241100x8000000000000000317966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:28.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ba41cb19b92db072021-12-17 12:31:28.060root 11241100x8000000000000000317967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:28.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14a09e0b30ffc53f2021-12-17 12:31:28.060root 11241100x8000000000000000317968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:28.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4958118b2fd8a3d92021-12-17 12:31:28.557root 11241100x8000000000000000317969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:28.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b355b19f38fcc2d2021-12-17 12:31:28.557root 11241100x8000000000000000317970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:28.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf1b2a40de9f60742021-12-17 12:31:28.557root 11241100x8000000000000000317971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:28.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c45099e240ff96422021-12-17 12:31:28.557root 11241100x8000000000000000317972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:28.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.959e431c1dd856882021-12-17 12:31:28.557root 11241100x8000000000000000317973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:28.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.167ba241f4abfe9b2021-12-17 12:31:28.557root 11241100x8000000000000000317974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:28.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4268b25cc2a81662021-12-17 12:31:28.557root 11241100x8000000000000000317975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:28.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81a4859d1c86ca9b2021-12-17 12:31:28.557root 11241100x8000000000000000317976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:28.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03c0a9ba634f7bb72021-12-17 12:31:28.558root 11241100x8000000000000000317977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:28.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c58df75529f6f2a2021-12-17 12:31:28.558root 11241100x8000000000000000317978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:28.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32478088f67e98872021-12-17 12:31:28.558root 11241100x8000000000000000317979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:28.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c9fe0fa543f4f9a2021-12-17 12:31:28.558root 11241100x8000000000000000317980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:28.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7db12617b45a969c2021-12-17 12:31:28.558root 11241100x8000000000000000317981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:28.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9ec77c41e5701902021-12-17 12:31:28.558root 11241100x8000000000000000317982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:28.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e33b55dc22c6384e2021-12-17 12:31:28.558root 11241100x8000000000000000317983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:28.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b99ad912db141bfa2021-12-17 12:31:28.558root 11241100x8000000000000000317984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:28.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09f262ecaaf48cc32021-12-17 12:31:28.558root 11241100x8000000000000000317985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:28.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa37fdb425910b302021-12-17 12:31:28.558root 11241100x8000000000000000317986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:29.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22859404802ba7812021-12-17 12:31:29.057root 11241100x8000000000000000317987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:29.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.582f84f8923c44802021-12-17 12:31:29.057root 11241100x8000000000000000317988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:29.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38261ea4194902df2021-12-17 12:31:29.058root 11241100x8000000000000000317989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:29.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97373949e106d09c2021-12-17 12:31:29.058root 11241100x8000000000000000317990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:29.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80fe60a5294406b82021-12-17 12:31:29.058root 11241100x8000000000000000317991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:29.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3272e948631fa8b22021-12-17 12:31:29.058root 11241100x8000000000000000317992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:29.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32ab74bace81194e2021-12-17 12:31:29.058root 11241100x8000000000000000317993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:29.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fad977dcb8f83ecc2021-12-17 12:31:29.058root 11241100x8000000000000000317994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:29.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c67bf9b5b6d6d342021-12-17 12:31:29.058root 11241100x8000000000000000317995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:29.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.554a1f7ad752f3f52021-12-17 12:31:29.058root 11241100x8000000000000000317996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:29.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf8bb8d26618e3ee2021-12-17 12:31:29.058root 11241100x8000000000000000317997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:29.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.732be27d35c39a182021-12-17 12:31:29.058root 11241100x8000000000000000317998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:29.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70c25cf4e787b11e2021-12-17 12:31:29.058root 11241100x8000000000000000317999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:29.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b508b6b707412572021-12-17 12:31:29.059root 11241100x8000000000000000318000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:29.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccbd8386c4eeb9702021-12-17 12:31:29.059root 11241100x8000000000000000318001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:29.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1ac01699a3584202021-12-17 12:31:29.059root 11241100x8000000000000000318002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:29.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b13e0cda8a1319d62021-12-17 12:31:29.059root 11241100x8000000000000000318003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:29.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3766b66439ea1cf32021-12-17 12:31:29.059root 354300x8000000000000000318004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:29.238{ec28ba6a-70a3-61bc-5175-3a0400000000}5248/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-44508-false10.0.1.12-8000- 11241100x8000000000000000318005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:29.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.929fb30757a75a472021-12-17 12:31:29.557root 11241100x8000000000000000318006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:29.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43e20146c5678bbb2021-12-17 12:31:29.557root 11241100x8000000000000000318007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:29.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.160909dadb99beb82021-12-17 12:31:29.557root 11241100x8000000000000000318008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:29.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7171d0f445b8891e2021-12-17 12:31:29.557root 11241100x8000000000000000318009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:29.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf4903b8effd40332021-12-17 12:31:29.557root 11241100x8000000000000000318010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:29.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b4d917d03f648e92021-12-17 12:31:29.557root 11241100x8000000000000000318011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:29.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3981ec406e5ad7062021-12-17 12:31:29.557root 11241100x8000000000000000318012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:29.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdd50970f9ce0cae2021-12-17 12:31:29.557root 11241100x8000000000000000318013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:29.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cbd987a0683035c2021-12-17 12:31:29.558root 11241100x8000000000000000318014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:29.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6bc1e8bb2a864fc2021-12-17 12:31:29.558root 11241100x8000000000000000318015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:29.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3127d9dec9dbd6a02021-12-17 12:31:29.558root 11241100x8000000000000000318016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:29.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06d61e6c59c716ca2021-12-17 12:31:29.558root 11241100x8000000000000000318017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:29.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d53ffd24d39d07352021-12-17 12:31:29.558root 11241100x8000000000000000318018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:29.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41c11ceff68f65642021-12-17 12:31:29.558root 11241100x8000000000000000318019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:29.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12b2bdbeab0493f72021-12-17 12:31:29.558root 11241100x8000000000000000318020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:29.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd2460ad009719a92021-12-17 12:31:29.558root 11241100x8000000000000000318021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:29.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbca9f0a68f861de2021-12-17 12:31:29.558root 11241100x8000000000000000318022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:29.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3750fb5555cc57f52021-12-17 12:31:29.558root 11241100x8000000000000000318023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:29.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cbc236ab3e7e57e2021-12-17 12:31:29.559root 11241100x8000000000000000318024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:30.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f965a62eed5f6e62021-12-17 12:31:30.057root 11241100x8000000000000000318025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:30.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab28f09bbe67d5012021-12-17 12:31:30.057root 11241100x8000000000000000318026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:30.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81f3c1765ceafaa32021-12-17 12:31:30.057root 11241100x8000000000000000318027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:30.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a18b7384a96dc53d2021-12-17 12:31:30.057root 11241100x8000000000000000318028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:30.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f629fbc520ea6672021-12-17 12:31:30.057root 11241100x8000000000000000318029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:30.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bc7a1dc62ae92a32021-12-17 12:31:30.057root 11241100x8000000000000000318030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:30.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.846e4d5f9d4f26e92021-12-17 12:31:30.058root 11241100x8000000000000000318031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:30.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b88ef42b73056f692021-12-17 12:31:30.058root 11241100x8000000000000000318032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:30.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.776f9e7f728cceb02021-12-17 12:31:30.058root 11241100x8000000000000000318033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:30.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ce4555ba74fc0ef2021-12-17 12:31:30.058root 11241100x8000000000000000318034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:30.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa54d677b6a4a20f2021-12-17 12:31:30.058root 11241100x8000000000000000318035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:30.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.647450b4942425232021-12-17 12:31:30.058root 11241100x8000000000000000318036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:30.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89428c1b711bbc552021-12-17 12:31:30.058root 11241100x8000000000000000318037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:30.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ffb5aa2185f54d42021-12-17 12:31:30.058root 11241100x8000000000000000318038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:30.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62b59ba775b0b3b02021-12-17 12:31:30.058root 11241100x8000000000000000318039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:30.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5921ffb1f336ab082021-12-17 12:31:30.059root 11241100x8000000000000000318040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:30.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac934bb3cc7f8eb22021-12-17 12:31:30.059root 11241100x8000000000000000318041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:30.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.420edd36ecdafa5d2021-12-17 12:31:30.059root 11241100x8000000000000000318042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:30.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48b24852a10b22072021-12-17 12:31:30.059root 11241100x8000000000000000318043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:30.167{ec28ba6a-709b-61bc-30d8-78dfe0550000}5175/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-17 12:31:30.167root 11241100x8000000000000000318044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:30.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da5200a36cc4c6da2021-12-17 12:31:30.557root 11241100x8000000000000000318045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:30.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ae67ded0971f3d52021-12-17 12:31:30.557root 11241100x8000000000000000318046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:30.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2df73c6e97588e3d2021-12-17 12:31:30.557root 11241100x8000000000000000318047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:30.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a655e182cd2128862021-12-17 12:31:30.557root 11241100x8000000000000000318048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:30.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a02a35e0605746e2021-12-17 12:31:30.557root 11241100x8000000000000000318049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:30.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdc8cc06093689bb2021-12-17 12:31:30.557root 11241100x8000000000000000318050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:30.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a47462a111a39d32021-12-17 12:31:30.557root 11241100x8000000000000000318051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:30.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b1ef36650920e0d2021-12-17 12:31:30.558root 11241100x8000000000000000318052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:30.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.538f6de7c4685f812021-12-17 12:31:30.558root 11241100x8000000000000000318053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:30.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e7ec232addb23442021-12-17 12:31:30.558root 11241100x8000000000000000318054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:30.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.604a2e41b49e00812021-12-17 12:31:30.558root 11241100x8000000000000000318055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:30.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea04725dbbe7af9a2021-12-17 12:31:30.558root 11241100x8000000000000000318056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:30.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90da05670c7a77042021-12-17 12:31:30.558root 11241100x8000000000000000318057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:30.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d73033b902483282021-12-17 12:31:30.558root 11241100x8000000000000000318058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:30.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c408380e65ce0622021-12-17 12:31:30.558root 11241100x8000000000000000318059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:30.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5396e3ef0ae01c72021-12-17 12:31:30.558root 11241100x8000000000000000318060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:30.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce279dfa06eef2b82021-12-17 12:31:30.558root 11241100x8000000000000000318061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:30.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5559d7b89e5a729f2021-12-17 12:31:30.559root 11241100x8000000000000000318062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:30.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e7f94b8cc25643b2021-12-17 12:31:30.559root 11241100x8000000000000000318063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:30.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6da512f9afe75d2d2021-12-17 12:31:30.559root 354300x8000000000000000318064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:30.725{ec28ba6a-709b-61bc-30d8-78dfe0550000}5175/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-41656-false10.0.1.12-8089- 11241100x8000000000000000318065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:31.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f698b9d04240e892021-12-17 12:31:31.057root 11241100x8000000000000000318066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:31.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6f1367a207f1fb62021-12-17 12:31:31.057root 11241100x8000000000000000318067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:31.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3be87a5c364833802021-12-17 12:31:31.057root 11241100x8000000000000000318068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:31.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f426dba0affb60d02021-12-17 12:31:31.057root 11241100x8000000000000000318069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:31.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d93d63e2d5a95412021-12-17 12:31:31.057root 11241100x8000000000000000318070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:31.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3f28760f9c360c92021-12-17 12:31:31.057root 11241100x8000000000000000318071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:31.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a311a01d9fae813f2021-12-17 12:31:31.057root 11241100x8000000000000000318072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:31.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22e6f8a9bf395ff02021-12-17 12:31:31.057root 11241100x8000000000000000318073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:31.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92acfe16c1ef4df02021-12-17 12:31:31.058root 11241100x8000000000000000318074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:31.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f1d0aa13455cdbe2021-12-17 12:31:31.058root 11241100x8000000000000000318075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:31.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34f2a075f1777a982021-12-17 12:31:31.058root 11241100x8000000000000000318076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:31.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.844d0f37935e601d2021-12-17 12:31:31.058root 11241100x8000000000000000318077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:31.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.599c83beb5d0c5f72021-12-17 12:31:31.058root 11241100x8000000000000000318078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:31.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4506739b71ee33ed2021-12-17 12:31:31.058root 11241100x8000000000000000318079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:31.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85bb4d5f16f284f82021-12-17 12:31:31.058root 11241100x8000000000000000318080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:31.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bc69430c679b6782021-12-17 12:31:31.058root 11241100x8000000000000000318081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:31.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.712fc31245d7851f2021-12-17 12:31:31.058root 11241100x8000000000000000318082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:31.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a73c70b9748685802021-12-17 12:31:31.059root 11241100x8000000000000000318083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:31.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6f2f971ef8840fa2021-12-17 12:31:31.059root 11241100x8000000000000000318084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:31.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a96d42259ee053b2021-12-17 12:31:31.059root 11241100x8000000000000000318085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:31.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16f75a8907df76242021-12-17 12:31:31.059root 11241100x8000000000000000318086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:31.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e94f81e98b0893d72021-12-17 12:31:31.557root 11241100x8000000000000000318087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:31.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe77dd6de2768dd12021-12-17 12:31:31.557root 11241100x8000000000000000318088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:31.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0de1130b9de429c12021-12-17 12:31:31.557root 11241100x8000000000000000318089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:31.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d99d4049ad549ebd2021-12-17 12:31:31.557root 11241100x8000000000000000318090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:31.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dfa3e0e15504b072021-12-17 12:31:31.558root 11241100x8000000000000000318091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:31.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd4cb8272f208abb2021-12-17 12:31:31.558root 11241100x8000000000000000318092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:31.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b398f081f284ebdd2021-12-17 12:31:31.558root 11241100x8000000000000000318093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:31.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f769c28d4739f8292021-12-17 12:31:31.558root 11241100x8000000000000000318094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:31.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fae41170d270912e2021-12-17 12:31:31.558root 11241100x8000000000000000318095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:31.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07e532567cdbffe72021-12-17 12:31:31.558root 11241100x8000000000000000318096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:31.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bf5efa909dc99422021-12-17 12:31:31.558root 11241100x8000000000000000318097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:31.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2825c63f1bde01682021-12-17 12:31:31.559root 11241100x8000000000000000318098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:31.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f9d0bab4c8dcbae2021-12-17 12:31:31.559root 11241100x8000000000000000318099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:31.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c903d4367c82463b2021-12-17 12:31:31.559root 11241100x8000000000000000318100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:31.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4f521c85c3f272b2021-12-17 12:31:31.559root 11241100x8000000000000000318101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:31.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb65ccfe49d855c62021-12-17 12:31:31.559root 11241100x8000000000000000318102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:31.563{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea17dcea01d6d3e72021-12-17 12:31:31.563root 11241100x8000000000000000318103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:31.563{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffb985a4d98d65532021-12-17 12:31:31.563root 11241100x8000000000000000318104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:31.563{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.affcc6af4224f4de2021-12-17 12:31:31.563root 11241100x8000000000000000318105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:31.563{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8372f4c49e25b592021-12-17 12:31:31.563root 11241100x8000000000000000318106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:31.563{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce2bdb3cb86f10302021-12-17 12:31:31.563root 11241100x8000000000000000318107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:32.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd0afde87561b31d2021-12-17 12:31:32.057root 11241100x8000000000000000318108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:32.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f408cb13568b8bbc2021-12-17 12:31:32.057root 11241100x8000000000000000318109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:32.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3671f9b837dc793f2021-12-17 12:31:32.057root 11241100x8000000000000000318110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:32.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64dd1bf21038bcd12021-12-17 12:31:32.057root 11241100x8000000000000000318111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:32.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1829ea4a553a5ce2021-12-17 12:31:32.058root 11241100x8000000000000000318112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:32.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8e19b27e14c132a2021-12-17 12:31:32.058root 11241100x8000000000000000318113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:32.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2492b799395167e42021-12-17 12:31:32.058root 11241100x8000000000000000318114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:32.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.665519c4b3bf70782021-12-17 12:31:32.058root 11241100x8000000000000000318115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:32.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.569036959b23560d2021-12-17 12:31:32.058root 11241100x8000000000000000318116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:32.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce10aa84fc57723a2021-12-17 12:31:32.058root 11241100x8000000000000000318117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:32.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8179717743f9cf9e2021-12-17 12:31:32.058root 11241100x8000000000000000318118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:32.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d038d9317fb39e082021-12-17 12:31:32.058root 11241100x8000000000000000318119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:32.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.376393b31145b7932021-12-17 12:31:32.058root 11241100x8000000000000000318120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:32.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b690f19e87948d662021-12-17 12:31:32.058root 11241100x8000000000000000318121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:32.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7701a19fc6c0c6c72021-12-17 12:31:32.058root 11241100x8000000000000000318122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:32.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41f25318f08a5c2d2021-12-17 12:31:32.058root 11241100x8000000000000000318123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:32.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0256baec347fab9d2021-12-17 12:31:32.059root 11241100x8000000000000000318124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:32.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07064b18442ec2e62021-12-17 12:31:32.059root 11241100x8000000000000000318125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:32.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.585d9dd6c1a1cf562021-12-17 12:31:32.059root 11241100x8000000000000000318126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:32.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81abed0aa8f0b3b32021-12-17 12:31:32.059root 11241100x8000000000000000318127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:32.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8828d38b27bd0f3b2021-12-17 12:31:32.059root 11241100x8000000000000000318128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:32.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3a0446bedb8ee452021-12-17 12:31:32.557root 11241100x8000000000000000318129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:32.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e9e9e05919b5d162021-12-17 12:31:32.557root 11241100x8000000000000000318130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:32.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84dee76d35dc1b5d2021-12-17 12:31:32.557root 11241100x8000000000000000318131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:32.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a1c940c2e0b068e2021-12-17 12:31:32.557root 11241100x8000000000000000318132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:32.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2ea9a9c90b4fec82021-12-17 12:31:32.557root 11241100x8000000000000000318133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:32.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54320a4e86dd623b2021-12-17 12:31:32.557root 11241100x8000000000000000318134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:32.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7efd3a1b437a59502021-12-17 12:31:32.558root 11241100x8000000000000000318135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:32.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c768639577035f22021-12-17 12:31:32.558root 11241100x8000000000000000318136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:32.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b4fe0f0b63f29cd2021-12-17 12:31:32.558root 11241100x8000000000000000318137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:32.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.743e370c53c5d90a2021-12-17 12:31:32.558root 11241100x8000000000000000318138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:32.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41ab8629620fe9ad2021-12-17 12:31:32.558root 11241100x8000000000000000318139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:32.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a661cca6f4503f42021-12-17 12:31:32.558root 11241100x8000000000000000318140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:32.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c63fd72ccd83e61c2021-12-17 12:31:32.558root 11241100x8000000000000000318141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:32.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6d43ffecfbc93c32021-12-17 12:31:32.558root 11241100x8000000000000000318142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:32.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.308d154037083cbe2021-12-17 12:31:32.558root 11241100x8000000000000000318143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:32.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5d916afaccea6902021-12-17 12:31:32.558root 11241100x8000000000000000318144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:32.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad26e84179aecd8e2021-12-17 12:31:32.558root 11241100x8000000000000000318145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:32.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0df8c58a4c2119e02021-12-17 12:31:32.558root 11241100x8000000000000000318146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:32.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7de73e89c9ccb1062021-12-17 12:31:32.559root 11241100x8000000000000000318147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:32.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fab1c752e8c110742021-12-17 12:31:32.559root 11241100x8000000000000000318148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:32.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a4fbfa415e759912021-12-17 12:31:32.559root 11241100x8000000000000000318149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:33.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09ddad90ca03395d2021-12-17 12:31:33.057root 11241100x8000000000000000318150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:33.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.048e42846211a5a32021-12-17 12:31:33.057root 11241100x8000000000000000318151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:33.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f6eed84320500da2021-12-17 12:31:33.057root 11241100x8000000000000000318152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:33.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b19d4ef8249431d2021-12-17 12:31:33.057root 11241100x8000000000000000318153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:33.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28e86501af3ccb8d2021-12-17 12:31:33.057root 11241100x8000000000000000318154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:33.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04dba0b32124cd9d2021-12-17 12:31:33.057root 11241100x8000000000000000318155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:33.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21059405192666a82021-12-17 12:31:33.057root 11241100x8000000000000000318156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:33.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.550eabb726851cda2021-12-17 12:31:33.057root 11241100x8000000000000000318157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:33.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b785ec77af0c9802021-12-17 12:31:33.058root 11241100x8000000000000000318158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:33.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b03c65b4786d83e2021-12-17 12:31:33.058root 11241100x8000000000000000318159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:33.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82bac97966ad09ee2021-12-17 12:31:33.058root 11241100x8000000000000000318160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:33.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.303a9376e3129baf2021-12-17 12:31:33.058root 11241100x8000000000000000318161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:33.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab52150dd429df142021-12-17 12:31:33.058root 11241100x8000000000000000318162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:33.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fec4506017a4aba2021-12-17 12:31:33.058root 11241100x8000000000000000318163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:33.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cdcd8c4f78b23612021-12-17 12:31:33.058root 11241100x8000000000000000318164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:33.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45fead638c1a89fe2021-12-17 12:31:33.058root 11241100x8000000000000000318165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:33.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be8414a8f6d71b412021-12-17 12:31:33.058root 11241100x8000000000000000318166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:33.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05e471dedc71230d2021-12-17 12:31:33.059root 11241100x8000000000000000318167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:33.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af00d9d03b09d1f32021-12-17 12:31:33.059root 11241100x8000000000000000318168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:33.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60e43ff473b2abf92021-12-17 12:31:33.059root 11241100x8000000000000000318169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:33.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3575221bf41447212021-12-17 12:31:33.059root 23542300x8000000000000000318170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:33.160{ec28ba6a-709b-61bc-30d8-78dfe0550000}5175root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000318171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:33.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b08216a368a088a42021-12-17 12:31:33.557root 11241100x8000000000000000318172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:33.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1533ada52f90a4ef2021-12-17 12:31:33.557root 11241100x8000000000000000318173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:33.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.899aeb3336866c832021-12-17 12:31:33.558root 11241100x8000000000000000318174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:33.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5260498d06fef622021-12-17 12:31:33.558root 11241100x8000000000000000318175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:33.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f730932b950649382021-12-17 12:31:33.558root 11241100x8000000000000000318176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:33.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0e46e9bc12230992021-12-17 12:31:33.558root 11241100x8000000000000000318177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:33.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ededdc1f0fd3a1312021-12-17 12:31:33.559root 11241100x8000000000000000318178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:33.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c8d618944241eaf2021-12-17 12:31:33.559root 11241100x8000000000000000318179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:33.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.803906d64f73aac62021-12-17 12:31:33.560root 11241100x8000000000000000318180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:33.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12d51d533fd9be0b2021-12-17 12:31:33.560root 11241100x8000000000000000318181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:33.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65a0b36131ff002c2021-12-17 12:31:33.561root 11241100x8000000000000000318182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:33.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71a24a87433ff6932021-12-17 12:31:33.561root 11241100x8000000000000000318183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:33.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdd66c905203e2122021-12-17 12:31:33.561root 11241100x8000000000000000318184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:33.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.787ddb462fa436212021-12-17 12:31:33.562root 11241100x8000000000000000318185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:33.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67b68ff0d50c6bc12021-12-17 12:31:33.562root 11241100x8000000000000000318186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:33.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2bbf88059c093232021-12-17 12:31:33.562root 11241100x8000000000000000318187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:33.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.439fbe982bf8d2792021-12-17 12:31:33.562root 11241100x8000000000000000318188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:33.563{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3abf53df73c40eb52021-12-17 12:31:33.563root 11241100x8000000000000000318189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:33.563{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.385a75e4e46ad2e92021-12-17 12:31:33.563root 11241100x8000000000000000318190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:33.563{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc4070dfd36273a22021-12-17 12:31:33.563root 11241100x8000000000000000318191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:33.564{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6882292f58758922021-12-17 12:31:33.564root 11241100x8000000000000000318192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:33.564{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.365728e3a3833f6c2021-12-17 12:31:33.564root 11241100x8000000000000000318193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:34.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dbbae85a9f9d76d2021-12-17 12:31:34.057root 11241100x8000000000000000318194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:34.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cee8b14b93bb7e092021-12-17 12:31:34.057root 11241100x8000000000000000318195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:34.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87af09da9c70e4182021-12-17 12:31:34.057root 11241100x8000000000000000318196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:34.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b32691b7108cb2332021-12-17 12:31:34.057root 11241100x8000000000000000318197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:34.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a46e90a2a8ac5722021-12-17 12:31:34.057root 11241100x8000000000000000318198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:34.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67eb4099b593350c2021-12-17 12:31:34.058root 11241100x8000000000000000318199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:34.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51a3b9a77bb9cfdf2021-12-17 12:31:34.058root 11241100x8000000000000000318200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:34.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.465da3a33b3789c52021-12-17 12:31:34.058root 11241100x8000000000000000318201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:34.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed811d3e3d2c13b52021-12-17 12:31:34.058root 11241100x8000000000000000318202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:34.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caa49157189d40232021-12-17 12:31:34.058root 11241100x8000000000000000318203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:34.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.418db0222dc664072021-12-17 12:31:34.058root 11241100x8000000000000000318204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:34.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99aede2226a4ec982021-12-17 12:31:34.058root 11241100x8000000000000000318205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:34.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3728ca60723a73222021-12-17 12:31:34.058root 11241100x8000000000000000318206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:34.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e2adac5f8bb10712021-12-17 12:31:34.059root 11241100x8000000000000000318207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:34.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.861e0f0abb88acf52021-12-17 12:31:34.059root 11241100x8000000000000000318208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:34.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98b2fba6f63190c22021-12-17 12:31:34.059root 11241100x8000000000000000318209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:34.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cbdc66e1f88ef892021-12-17 12:31:34.059root 11241100x8000000000000000318210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:34.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04312e502eca8cf82021-12-17 12:31:34.059root 11241100x8000000000000000318211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:34.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43551bc5b595a8802021-12-17 12:31:34.060root 11241100x8000000000000000318212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:34.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a8a1411427048d82021-12-17 12:31:34.060root 11241100x8000000000000000318213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:34.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a8a7127c15556e52021-12-17 12:31:34.060root 11241100x8000000000000000318214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:34.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce224ad36b08fc712021-12-17 12:31:34.060root 11241100x8000000000000000318215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:34.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aba94c6ca2fb9d62021-12-17 12:31:34.557root 11241100x8000000000000000318216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:34.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aeb3fff56154e5b2021-12-17 12:31:34.557root 11241100x8000000000000000318217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:34.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e1e2efd40a500d52021-12-17 12:31:34.557root 11241100x8000000000000000318218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:34.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dbe700094fca88a2021-12-17 12:31:34.557root 11241100x8000000000000000318219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:34.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c8cfb2d440466e02021-12-17 12:31:34.557root 11241100x8000000000000000318220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:34.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.409f94ecd5e443362021-12-17 12:31:34.558root 11241100x8000000000000000318221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:34.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7b58ae8d38ec5742021-12-17 12:31:34.558root 11241100x8000000000000000318222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:34.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0656251c57930042021-12-17 12:31:34.558root 11241100x8000000000000000318223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:34.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0e38509e98daeee2021-12-17 12:31:34.558root 11241100x8000000000000000318224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:34.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d55ca84dfbd4af862021-12-17 12:31:34.558root 11241100x8000000000000000318225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:34.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c91b08c7f906a302021-12-17 12:31:34.558root 11241100x8000000000000000318226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:34.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d6eca7c2c52412a2021-12-17 12:31:34.558root 11241100x8000000000000000318227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:34.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.659d45828a6e2b162021-12-17 12:31:34.558root 11241100x8000000000000000318228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:34.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ebe8355aa301f802021-12-17 12:31:34.558root 11241100x8000000000000000318229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:34.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.262a9b274e455dee2021-12-17 12:31:34.559root 11241100x8000000000000000318230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:34.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eb1f860eceb7bea2021-12-17 12:31:34.559root 11241100x8000000000000000318231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:34.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2e5c9786d682a892021-12-17 12:31:34.559root 11241100x8000000000000000318232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:34.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fe11c703dfc42842021-12-17 12:31:34.559root 11241100x8000000000000000318233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:34.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8048209d611d3b612021-12-17 12:31:34.559root 11241100x8000000000000000318234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:34.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eef7b9e0a56d80a22021-12-17 12:31:34.559root 11241100x8000000000000000318235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:34.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cafa10abde0ad0912021-12-17 12:31:34.559root 11241100x8000000000000000318236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:34.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6eef21c313611272021-12-17 12:31:34.559root 11241100x8000000000000000318237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:35.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e8e36fb4bd033382021-12-17 12:31:35.057root 11241100x8000000000000000318238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:35.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de66d3e2fa0cf0cc2021-12-17 12:31:35.057root 11241100x8000000000000000318239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:35.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7578065c1343f17d2021-12-17 12:31:35.057root 11241100x8000000000000000318240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:35.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1152b6cba03557102021-12-17 12:31:35.057root 11241100x8000000000000000318241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:35.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8403bd261c70de1e2021-12-17 12:31:35.057root 11241100x8000000000000000318242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:35.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fda2c35dde8aa33f2021-12-17 12:31:35.057root 11241100x8000000000000000318243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:35.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8842724b53ffe34d2021-12-17 12:31:35.057root 11241100x8000000000000000318244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:35.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebe6b7aa93372b7a2021-12-17 12:31:35.058root 11241100x8000000000000000318245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:35.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.676b8054d16457282021-12-17 12:31:35.058root 11241100x8000000000000000318246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:35.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a2128b446d68c612021-12-17 12:31:35.058root 11241100x8000000000000000318247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:35.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.326db778f256f36f2021-12-17 12:31:35.058root 11241100x8000000000000000318248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:35.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d114f0a6b419ece2021-12-17 12:31:35.058root 11241100x8000000000000000318249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:35.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67b9ce6fe62279e32021-12-17 12:31:35.058root 11241100x8000000000000000318250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:35.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c76e7c5d2df7d322021-12-17 12:31:35.058root 11241100x8000000000000000318251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:35.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bc265df3b4a38762021-12-17 12:31:35.058root 11241100x8000000000000000318252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:35.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00383c8bea262acf2021-12-17 12:31:35.058root 11241100x8000000000000000318253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:35.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c880da1a9efaa782021-12-17 12:31:35.059root 11241100x8000000000000000318254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:35.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b49bf39bb8f8d4e2021-12-17 12:31:35.059root 11241100x8000000000000000318255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:35.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a4fbbf1812b11292021-12-17 12:31:35.059root 11241100x8000000000000000318256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:35.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8277b565cbcf7092021-12-17 12:31:35.059root 11241100x8000000000000000318257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:35.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95682562b73785f42021-12-17 12:31:35.059root 11241100x8000000000000000318258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:35.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a7ad3f457fb7fc72021-12-17 12:31:35.059root 354300x8000000000000000318259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:35.236{ec28ba6a-70a3-61bc-5175-3a0400000000}5248/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-44512-false10.0.1.12-8000- 11241100x8000000000000000318260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:35.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb63e54e34e820972021-12-17 12:31:35.557root 11241100x8000000000000000318261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:35.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4404e94d886c83d2021-12-17 12:31:35.557root 11241100x8000000000000000318262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:35.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d305b01e1d4e73b72021-12-17 12:31:35.557root 11241100x8000000000000000318263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:35.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c92f913cbf721d722021-12-17 12:31:35.557root 11241100x8000000000000000318264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:35.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.677a5620aa16174b2021-12-17 12:31:35.557root 11241100x8000000000000000318265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:35.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3f476b660f180952021-12-17 12:31:35.557root 11241100x8000000000000000318266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:35.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.501b34b7e130acc42021-12-17 12:31:35.557root 11241100x8000000000000000318267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:35.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.012e6e311833d9f82021-12-17 12:31:35.558root 11241100x8000000000000000318268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:35.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb8496003a2c4bbf2021-12-17 12:31:35.558root 11241100x8000000000000000318269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:35.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.950362b6db8ddc172021-12-17 12:31:35.558root 11241100x8000000000000000318270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:35.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94da572938a6c2582021-12-17 12:31:35.560root 11241100x8000000000000000318271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:35.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d54faffcc80f6372021-12-17 12:31:35.560root 11241100x8000000000000000318272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:35.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72a2ce2d6b5200262021-12-17 12:31:35.560root 11241100x8000000000000000318273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:35.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdf6d895879410b82021-12-17 12:31:35.561root 11241100x8000000000000000318274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:35.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d3e561f2cebbb522021-12-17 12:31:35.561root 11241100x8000000000000000318275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:35.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0212d58380472cb32021-12-17 12:31:35.561root 11241100x8000000000000000318276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:35.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.914501c2560ab91b2021-12-17 12:31:35.561root 11241100x8000000000000000318277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:35.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be57c912a5ef7ae12021-12-17 12:31:35.561root 11241100x8000000000000000318278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:35.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eed9d1cec74547d22021-12-17 12:31:35.561root 11241100x8000000000000000318279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:35.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.104c3827619d6ad62021-12-17 12:31:35.561root 11241100x8000000000000000318280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:35.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53842a6b53ef06192021-12-17 12:31:35.561root 11241100x8000000000000000318281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:35.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.901339563b9054392021-12-17 12:31:35.561root 11241100x8000000000000000318282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:35.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb68459927db2dd02021-12-17 12:31:35.561root 11241100x8000000000000000318283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:36.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a81a2372df00e5c2021-12-17 12:31:36.057root 11241100x8000000000000000318284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:36.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25e93af48175e2322021-12-17 12:31:36.057root 11241100x8000000000000000318285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:36.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12a7da1c2290a6a12021-12-17 12:31:36.057root 11241100x8000000000000000318286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:36.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96c2a832cb8f48cc2021-12-17 12:31:36.057root 11241100x8000000000000000318287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:36.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5b5d4f46c2e36692021-12-17 12:31:36.058root 11241100x8000000000000000318288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:36.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de99bbb97ad715512021-12-17 12:31:36.058root 11241100x8000000000000000318289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:36.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25835e7dbdbe3a732021-12-17 12:31:36.058root 11241100x8000000000000000318290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:36.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29870304b2477f072021-12-17 12:31:36.058root 11241100x8000000000000000318291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:36.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84fc8e72e6c37e0f2021-12-17 12:31:36.058root 11241100x8000000000000000318292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:36.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da5e3f58fa56a9212021-12-17 12:31:36.058root 11241100x8000000000000000318293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:36.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5af34f17f9d6ca62021-12-17 12:31:36.058root 11241100x8000000000000000318294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:36.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0317e42e8b16c18b2021-12-17 12:31:36.058root 11241100x8000000000000000318295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:36.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdaede858e1829ad2021-12-17 12:31:36.058root 11241100x8000000000000000318296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:36.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.552d1a99dbc4f1b82021-12-17 12:31:36.058root 11241100x8000000000000000318297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:36.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d8401e1ca6a26b32021-12-17 12:31:36.058root 11241100x8000000000000000318298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:36.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f1551f4706517422021-12-17 12:31:36.058root 11241100x8000000000000000318299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:36.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59831771fd26ec172021-12-17 12:31:36.058root 11241100x8000000000000000318300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:36.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b83f04859f7db0a2021-12-17 12:31:36.058root 11241100x8000000000000000318301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:36.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c659900a6b284722021-12-17 12:31:36.059root 11241100x8000000000000000318302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:36.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b403269b1765bd152021-12-17 12:31:36.059root 11241100x8000000000000000318303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:36.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9717857b3883de62021-12-17 12:31:36.059root 11241100x8000000000000000318304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:36.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed9cac7741417f652021-12-17 12:31:36.059root 11241100x8000000000000000318305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:36.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf925850efcfea8f2021-12-17 12:31:36.059root 11241100x8000000000000000318306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:36.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.737a31e64099d30a2021-12-17 12:31:36.557root 11241100x8000000000000000318307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:36.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40bafba026a245702021-12-17 12:31:36.557root 11241100x8000000000000000318308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:36.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ca23266c860f5572021-12-17 12:31:36.557root 11241100x8000000000000000318309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:36.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24e165d5caf2f9c72021-12-17 12:31:36.557root 11241100x8000000000000000318310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:36.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05d668f015e6dad62021-12-17 12:31:36.557root 11241100x8000000000000000318311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:36.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9fc3334b92fee422021-12-17 12:31:36.557root 11241100x8000000000000000318312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:36.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40857a0b15afec3c2021-12-17 12:31:36.557root 11241100x8000000000000000318313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:36.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaa6c89de0eb28dd2021-12-17 12:31:36.558root 11241100x8000000000000000318314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:36.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6338ff8a5ecb6a2f2021-12-17 12:31:36.558root 11241100x8000000000000000318315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:36.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01067962d2302d892021-12-17 12:31:36.558root 11241100x8000000000000000318316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:36.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3481f37d6eddd562021-12-17 12:31:36.558root 11241100x8000000000000000318317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:36.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3209e0373d8d035e2021-12-17 12:31:36.558root 11241100x8000000000000000318318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:36.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe9e1a2ccc0155c02021-12-17 12:31:36.558root 11241100x8000000000000000318319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:36.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e269ac2413c164162021-12-17 12:31:36.558root 11241100x8000000000000000318320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:36.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06e8f47e1c742a082021-12-17 12:31:36.558root 11241100x8000000000000000318321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:36.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeb1acc34f15bf3b2021-12-17 12:31:36.558root 11241100x8000000000000000318322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:36.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c316aceac514434d2021-12-17 12:31:36.558root 11241100x8000000000000000318323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:36.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14e827666a7fdd392021-12-17 12:31:36.558root 11241100x8000000000000000318324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:36.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aaf4fadb6ffd5512021-12-17 12:31:36.558root 11241100x8000000000000000318325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:36.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.683bba3f9e30eee92021-12-17 12:31:36.558root 11241100x8000000000000000318326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:36.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dca860b551c4d9332021-12-17 12:31:36.558root 11241100x8000000000000000318327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:36.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b6c5201dd129d2b2021-12-17 12:31:36.559root 11241100x8000000000000000318328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:36.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1a979bb6b31e9bc2021-12-17 12:31:36.559root 11241100x8000000000000000318329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:37.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32287b0e5bb8797f2021-12-17 12:31:37.057root 11241100x8000000000000000318330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:37.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ae2146dc17fcca82021-12-17 12:31:37.057root 11241100x8000000000000000318331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:37.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.912fde94afd3c3652021-12-17 12:31:37.057root 11241100x8000000000000000318332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:37.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d32fef358970bdf2021-12-17 12:31:37.057root 11241100x8000000000000000318333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:37.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f9e85b344866c322021-12-17 12:31:37.057root 11241100x8000000000000000318334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:37.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73f4af9096b9305e2021-12-17 12:31:37.058root 11241100x8000000000000000318335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:37.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eb44df3e17d985c2021-12-17 12:31:37.058root 11241100x8000000000000000318336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:37.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00d4ace4888da2242021-12-17 12:31:37.058root 11241100x8000000000000000318337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:37.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e73754fb327e07bc2021-12-17 12:31:37.058root 11241100x8000000000000000318338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:37.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ca87513514b62ea2021-12-17 12:31:37.058root 11241100x8000000000000000318339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:37.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb271e5f8a45e87c2021-12-17 12:31:37.058root 11241100x8000000000000000318340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:37.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69610935accc1c4c2021-12-17 12:31:37.058root 11241100x8000000000000000318341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:37.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51c285127a4fa58f2021-12-17 12:31:37.058root 11241100x8000000000000000318342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:37.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ecec9d97eda66b22021-12-17 12:31:37.058root 11241100x8000000000000000318343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:37.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.442863bff2add0742021-12-17 12:31:37.058root 11241100x8000000000000000318344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:37.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa85a0978257988d2021-12-17 12:31:37.058root 11241100x8000000000000000318345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:37.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41a2d638f468dfd62021-12-17 12:31:37.058root 11241100x8000000000000000318346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:37.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b8b26d045c665de2021-12-17 12:31:37.059root 11241100x8000000000000000318347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:37.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0c09247b099ba902021-12-17 12:31:37.059root 11241100x8000000000000000318348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:37.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cb44a27c9e4afbb2021-12-17 12:31:37.059root 11241100x8000000000000000318349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:37.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01a54f9b4bbad1d72021-12-17 12:31:37.059root 11241100x8000000000000000318350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:37.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea7d0c4c167a44d32021-12-17 12:31:37.059root 11241100x8000000000000000318351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:37.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.174ead2bec82fee72021-12-17 12:31:37.059root 11241100x8000000000000000318352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:37.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b5a1bbfb00e032e2021-12-17 12:31:37.557root 11241100x8000000000000000318353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:37.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f00b6b5da57dc81a2021-12-17 12:31:37.557root 11241100x8000000000000000318354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:37.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa93089c63f06f0a2021-12-17 12:31:37.557root 11241100x8000000000000000318355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:37.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2899079e20a507ca2021-12-17 12:31:37.557root 11241100x8000000000000000318356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:37.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f52dfdda5bfa13b2021-12-17 12:31:37.557root 11241100x8000000000000000318357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:37.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c426406717f778e02021-12-17 12:31:37.557root 11241100x8000000000000000318358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:37.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2a085a6a4cef3862021-12-17 12:31:37.557root 11241100x8000000000000000318359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:37.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc0afd7160ca8a442021-12-17 12:31:37.558root 11241100x8000000000000000318360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:37.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43edb5eab4602ba42021-12-17 12:31:37.558root 11241100x8000000000000000318361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:37.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc9cee265b9ea68a2021-12-17 12:31:37.558root 11241100x8000000000000000318362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:37.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e1c010523fd3fff2021-12-17 12:31:37.558root 11241100x8000000000000000318363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:37.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8299d9a38b96258b2021-12-17 12:31:37.558root 11241100x8000000000000000318364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:37.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6fd0f947062ef292021-12-17 12:31:37.558root 11241100x8000000000000000318365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:37.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70990ab7981548592021-12-17 12:31:37.558root 11241100x8000000000000000318366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:37.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9462acd31448ba502021-12-17 12:31:37.558root 11241100x8000000000000000318367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:37.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a041f92f988d5812021-12-17 12:31:37.558root 11241100x8000000000000000318368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:37.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a84d38db33971f72021-12-17 12:31:37.558root 11241100x8000000000000000318369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:37.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff11aaee28acee282021-12-17 12:31:37.558root 11241100x8000000000000000318370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:37.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b76b32c3713364372021-12-17 12:31:37.558root 11241100x8000000000000000318371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:37.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ec85918f7efff362021-12-17 12:31:37.559root 11241100x8000000000000000318372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:37.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82fdc596bdeaac4b2021-12-17 12:31:37.559root 11241100x8000000000000000318373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:37.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8147d969c09508aa2021-12-17 12:31:37.559root 11241100x8000000000000000318374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:37.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5a144dfd8fd27142021-12-17 12:31:37.559root 11241100x8000000000000000318375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:38.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e0ad6a7cd2992042021-12-17 12:31:38.057root 11241100x8000000000000000318376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:38.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1017aa5fba4656452021-12-17 12:31:38.057root 11241100x8000000000000000318377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:38.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e015871d4998f29f2021-12-17 12:31:38.057root 11241100x8000000000000000318378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:38.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a4ad855926d10982021-12-17 12:31:38.057root 11241100x8000000000000000318379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:38.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.722a1e87dbafd0812021-12-17 12:31:38.057root 11241100x8000000000000000318380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:38.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d651adc501a986d2021-12-17 12:31:38.057root 11241100x8000000000000000318381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:38.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa6b3d0f488161542021-12-17 12:31:38.057root 11241100x8000000000000000318382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:38.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.451b394b6ad056a12021-12-17 12:31:38.058root 11241100x8000000000000000318383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:38.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aea10a20cbab19302021-12-17 12:31:38.058root 11241100x8000000000000000318384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:38.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61b55c9c3ba2c54f2021-12-17 12:31:38.058root 11241100x8000000000000000318385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:38.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71caa851f6e8ce2a2021-12-17 12:31:38.058root 11241100x8000000000000000318386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:38.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e464659ba4a1392d2021-12-17 12:31:38.058root 11241100x8000000000000000318387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:38.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b91dc1388f18267f2021-12-17 12:31:38.058root 11241100x8000000000000000318388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:38.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e975b06a03ba2f5e2021-12-17 12:31:38.058root 11241100x8000000000000000318389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:38.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b55a52cdfd47a402021-12-17 12:31:38.058root 11241100x8000000000000000318390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:38.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3ded1fd45d0610d2021-12-17 12:31:38.058root 11241100x8000000000000000318391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:38.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.813f0129c72601f52021-12-17 12:31:38.058root 11241100x8000000000000000318392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:38.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c36738656c3ec89b2021-12-17 12:31:38.060root 11241100x8000000000000000318393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:38.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b2ae0c568f217de2021-12-17 12:31:38.060root 11241100x8000000000000000318394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:38.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d621931bd7945d82021-12-17 12:31:38.060root 11241100x8000000000000000318395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:38.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e3f300fe003136e2021-12-17 12:31:38.060root 11241100x8000000000000000318396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:38.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ba70463e3f74d742021-12-17 12:31:38.060root 11241100x8000000000000000318397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:38.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6f0eb54e6d789c02021-12-17 12:31:38.060root 11241100x8000000000000000318398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:38.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68c62810f374af442021-12-17 12:31:38.557root 11241100x8000000000000000318399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:38.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c42f1aadf4b4d02b2021-12-17 12:31:38.557root 11241100x8000000000000000318400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:38.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8b4d4a5b384af8b2021-12-17 12:31:38.557root 11241100x8000000000000000318401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:38.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c90d3231bce68ab2021-12-17 12:31:38.557root 11241100x8000000000000000318402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:38.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cf1647c581a3cdf2021-12-17 12:31:38.557root 11241100x8000000000000000318403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:38.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52617fcd9e777d902021-12-17 12:31:38.557root 11241100x8000000000000000318404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:38.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af94db47de2c4f5f2021-12-17 12:31:38.557root 11241100x8000000000000000318405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:38.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ced8a2d544bf46292021-12-17 12:31:38.558root 11241100x8000000000000000318406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:38.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cacd7e322c279b52021-12-17 12:31:38.558root 11241100x8000000000000000318407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:38.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6dffd4deadf2cb92021-12-17 12:31:38.558root 11241100x8000000000000000318408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:38.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fda1a85f7f014cb2021-12-17 12:31:38.558root 11241100x8000000000000000318409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:38.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07b949dfd0d521412021-12-17 12:31:38.558root 11241100x8000000000000000318410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:38.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f91467ef63bff25d2021-12-17 12:31:38.558root 11241100x8000000000000000318411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:38.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ba7d375edba67d32021-12-17 12:31:38.558root 11241100x8000000000000000318412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:38.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de813f09672267212021-12-17 12:31:38.558root 11241100x8000000000000000318413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:38.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7893ab933ecc0fc32021-12-17 12:31:38.558root 11241100x8000000000000000318414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:38.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a474af39dc2fbd92021-12-17 12:31:38.558root 11241100x8000000000000000318415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:38.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f30c3e4eb03b66942021-12-17 12:31:38.558root 11241100x8000000000000000318416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:38.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.113499293c36fe872021-12-17 12:31:38.558root 11241100x8000000000000000318417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:38.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7109166f3772bec62021-12-17 12:31:38.559root 11241100x8000000000000000318418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:38.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faf9dcdb0450f2452021-12-17 12:31:38.559root 11241100x8000000000000000318419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:38.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68d0eb509abe98ac2021-12-17 12:31:38.559root 11241100x8000000000000000318420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:38.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdb8da40545c0d862021-12-17 12:31:38.559root 11241100x8000000000000000318421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:39.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24e633d0070aa6ea2021-12-17 12:31:39.057root 11241100x8000000000000000318422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:39.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71c47028626e90142021-12-17 12:31:39.057root 11241100x8000000000000000318423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:39.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4018f73e2e5c04df2021-12-17 12:31:39.057root 11241100x8000000000000000318424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:39.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe313901e96efb8d2021-12-17 12:31:39.057root 11241100x8000000000000000318425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:39.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e35c28ed8ac872b2021-12-17 12:31:39.057root 11241100x8000000000000000318426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:39.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da5f15b702f72fe22021-12-17 12:31:39.058root 11241100x8000000000000000318427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:39.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6623de849b520982021-12-17 12:31:39.058root 11241100x8000000000000000318428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:39.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfada44b76315cbd2021-12-17 12:31:39.058root 11241100x8000000000000000318429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:39.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f4ff0c89f2684dd2021-12-17 12:31:39.058root 11241100x8000000000000000318430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:39.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6cd7db237c42d922021-12-17 12:31:39.058root 11241100x8000000000000000318431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:39.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09a06c9d4d90f88c2021-12-17 12:31:39.058root 11241100x8000000000000000318432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:39.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.481b29843a99edf62021-12-17 12:31:39.058root 11241100x8000000000000000318433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:39.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.021c0f9298bc17272021-12-17 12:31:39.058root 11241100x8000000000000000318434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:39.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.896da1bc4a4941b72021-12-17 12:31:39.058root 11241100x8000000000000000318435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:39.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc5f681e2f1f85802021-12-17 12:31:39.058root 11241100x8000000000000000318436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:39.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f10a21e1279044052021-12-17 12:31:39.058root 11241100x8000000000000000318437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:39.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caa4059e007695e92021-12-17 12:31:39.058root 11241100x8000000000000000318438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:39.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.352c349158cbe7922021-12-17 12:31:39.058root 11241100x8000000000000000318439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:39.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49a748c7060d2ffb2021-12-17 12:31:39.058root 11241100x8000000000000000318440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:39.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5484f155adc7db22021-12-17 12:31:39.059root 11241100x8000000000000000318441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:39.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3ec7ee8d2c825b12021-12-17 12:31:39.059root 11241100x8000000000000000318442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:39.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5db142b06b280ea32021-12-17 12:31:39.059root 11241100x8000000000000000318443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:39.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d52215b7431937be2021-12-17 12:31:39.059root 11241100x8000000000000000318444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:39.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32604319945b935c2021-12-17 12:31:39.557root 11241100x8000000000000000318445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:39.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.149edde24138ff852021-12-17 12:31:39.558root 11241100x8000000000000000318446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:39.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dc00b7ee44ad19a2021-12-17 12:31:39.558root 11241100x8000000000000000318447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:39.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4d944949d6602a52021-12-17 12:31:39.558root 11241100x8000000000000000318448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:39.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66cbf9cd126c6d362021-12-17 12:31:39.558root 11241100x8000000000000000318449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:39.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed291655821bf0da2021-12-17 12:31:39.558root 11241100x8000000000000000318450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:39.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54e05f66c9624bd22021-12-17 12:31:39.558root 11241100x8000000000000000318451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:39.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a45e2aa4c756a21a2021-12-17 12:31:39.558root 11241100x8000000000000000318452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:39.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c278e0aba6aa8782021-12-17 12:31:39.558root 11241100x8000000000000000318453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:39.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f11a022f224887f2021-12-17 12:31:39.558root 11241100x8000000000000000318454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:39.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a611096f20b038bf2021-12-17 12:31:39.558root 11241100x8000000000000000318455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:39.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b0004c8564e38202021-12-17 12:31:39.558root 11241100x8000000000000000318456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:39.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.654e472a481b5e222021-12-17 12:31:39.558root 11241100x8000000000000000318457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:39.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3914ad42188e3bfa2021-12-17 12:31:39.558root 11241100x8000000000000000318458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:39.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31d91222194c8dbe2021-12-17 12:31:39.558root 11241100x8000000000000000318459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:39.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04bd3100dc360be22021-12-17 12:31:39.559root 11241100x8000000000000000318460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:39.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2a31fdd5cd9e6422021-12-17 12:31:39.559root 11241100x8000000000000000318461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:39.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.682e86622c50c14a2021-12-17 12:31:39.559root 11241100x8000000000000000318462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:39.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dffa0d5adf5e0722021-12-17 12:31:39.559root 11241100x8000000000000000318463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:39.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ada5fc20b46654e2021-12-17 12:31:39.559root 11241100x8000000000000000318464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:39.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f93a55b251b08282021-12-17 12:31:39.559root 11241100x8000000000000000318465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:39.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57dfa9732e7bc8c32021-12-17 12:31:39.559root 11241100x8000000000000000318466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:39.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4899d5801568de82021-12-17 12:31:39.559root 11241100x8000000000000000318467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:40.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2350aff863e657e32021-12-17 12:31:40.057root 11241100x8000000000000000318468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:40.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d365ca96e4d00c0c2021-12-17 12:31:40.057root 11241100x8000000000000000318469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:40.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e179975d71c6b252021-12-17 12:31:40.057root 11241100x8000000000000000318470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:40.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d56ea1a7497d2182021-12-17 12:31:40.057root 11241100x8000000000000000318471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:40.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22dede001e3e29162021-12-17 12:31:40.057root 11241100x8000000000000000318472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:40.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.487499306273fd732021-12-17 12:31:40.057root 11241100x8000000000000000318473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:40.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0365c0439dd579732021-12-17 12:31:40.057root 11241100x8000000000000000318474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:40.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffb1c4381305817d2021-12-17 12:31:40.057root 11241100x8000000000000000318475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:40.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc83c4c1deffd5d42021-12-17 12:31:40.058root 11241100x8000000000000000318476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:40.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aa2d33499a4eeac2021-12-17 12:31:40.058root 11241100x8000000000000000318477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:40.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c5abfae1d3e69c72021-12-17 12:31:40.058root 11241100x8000000000000000318478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:40.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e004377833fcc9c72021-12-17 12:31:40.058root 11241100x8000000000000000318479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:40.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b04d5aca1e9b52352021-12-17 12:31:40.058root 11241100x8000000000000000318480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:40.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37dc4559a95280032021-12-17 12:31:40.058root 11241100x8000000000000000318481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:40.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24fbd3d9762073ad2021-12-17 12:31:40.058root 11241100x8000000000000000318482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:40.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba34a99d4df7d3832021-12-17 12:31:40.058root 11241100x8000000000000000318483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:40.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65ff1a123eb888402021-12-17 12:31:40.058root 11241100x8000000000000000318484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:40.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f68508c6fc0799452021-12-17 12:31:40.058root 11241100x8000000000000000318485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:40.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.311eda28b7b513812021-12-17 12:31:40.058root 11241100x8000000000000000318486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:40.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6b20045f74c2c682021-12-17 12:31:40.058root 11241100x8000000000000000318487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:40.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93d740b52482634a2021-12-17 12:31:40.058root 11241100x8000000000000000318488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:40.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.619cca50c14982e12021-12-17 12:31:40.059root 11241100x8000000000000000318489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:40.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3f6d496cc71f7e72021-12-17 12:31:40.059root 11241100x8000000000000000318490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:40.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.304ad78c5ee86a262021-12-17 12:31:40.557root 11241100x8000000000000000318491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:40.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6f6db4a40406a7a2021-12-17 12:31:40.557root 11241100x8000000000000000318492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:40.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06ff8f781f4b6f6c2021-12-17 12:31:40.557root 11241100x8000000000000000318493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:40.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7d8eb282fb0d3f32021-12-17 12:31:40.557root 11241100x8000000000000000318494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:40.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6062e9a268d25752021-12-17 12:31:40.557root 11241100x8000000000000000318495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:40.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38eb7fff1155db4d2021-12-17 12:31:40.558root 11241100x8000000000000000318496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:40.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e08dcb7cdb0653fa2021-12-17 12:31:40.558root 11241100x8000000000000000318497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:40.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.334bd2830c3872ea2021-12-17 12:31:40.558root 11241100x8000000000000000318498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:40.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a10224abb4e7b322021-12-17 12:31:40.558root 11241100x8000000000000000318499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:40.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d08b291a2d893ad2021-12-17 12:31:40.558root 11241100x8000000000000000318500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:40.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4805fe7bad6831902021-12-17 12:31:40.558root 11241100x8000000000000000318501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:40.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86f2fc9c2968d70f2021-12-17 12:31:40.558root 11241100x8000000000000000318502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:40.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37f60c476732ff7e2021-12-17 12:31:40.558root 11241100x8000000000000000318503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:40.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ced6ef6d0f79c3fc2021-12-17 12:31:40.558root 11241100x8000000000000000318504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:40.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09a7dabc87e8c4b92021-12-17 12:31:40.558root 11241100x8000000000000000318505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:40.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a5d67947c8a131c2021-12-17 12:31:40.558root 11241100x8000000000000000318506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:40.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df145231aea9ea172021-12-17 12:31:40.558root 11241100x8000000000000000318507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:40.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.334dc8920d6514ce2021-12-17 12:31:40.558root 11241100x8000000000000000318508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:40.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.917a3c28f4bc11ad2021-12-17 12:31:40.558root 11241100x8000000000000000318509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:40.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c4d21fc2427e50b2021-12-17 12:31:40.559root 11241100x8000000000000000318510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:40.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.276794060a3a50002021-12-17 12:31:40.559root 11241100x8000000000000000318511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:40.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d5a48449e725cd72021-12-17 12:31:40.559root 11241100x8000000000000000318512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:40.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0545649fd6290fe02021-12-17 12:31:40.559root 11241100x8000000000000000318513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:41.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4597db9943ef40342021-12-17 12:31:41.057root 11241100x8000000000000000318514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:41.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37f53450622593142021-12-17 12:31:41.057root 11241100x8000000000000000318515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:41.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7958356c4c4c1052021-12-17 12:31:41.057root 11241100x8000000000000000318516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:41.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b453fc8f938b5b902021-12-17 12:31:41.057root 11241100x8000000000000000318517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:41.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f72db0e3974b57792021-12-17 12:31:41.057root 11241100x8000000000000000318518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:41.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c88483e52b8a89b62021-12-17 12:31:41.057root 11241100x8000000000000000318519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:41.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.449437df1447f9b12021-12-17 12:31:41.057root 11241100x8000000000000000318520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:41.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e316dba6cebee6812021-12-17 12:31:41.058root 11241100x8000000000000000318521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:41.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08e795277aba9cfd2021-12-17 12:31:41.058root 11241100x8000000000000000318522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:41.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28a18cc505890c492021-12-17 12:31:41.058root 11241100x8000000000000000318523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:41.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f53251e7a00761f22021-12-17 12:31:41.058root 11241100x8000000000000000318524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:41.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.711e48b4de66bb482021-12-17 12:31:41.058root 11241100x8000000000000000318525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:41.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d63e32a679e4d8c2021-12-17 12:31:41.058root 11241100x8000000000000000318526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:41.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d3495234cd16e742021-12-17 12:31:41.058root 11241100x8000000000000000318527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:41.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d9d9afbb5952b422021-12-17 12:31:41.058root 11241100x8000000000000000318528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:41.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d7dd627abd826ab2021-12-17 12:31:41.058root 11241100x8000000000000000318529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:41.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.281548ea66862dfa2021-12-17 12:31:41.058root 11241100x8000000000000000318530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:41.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c9ed926e7b68f432021-12-17 12:31:41.059root 11241100x8000000000000000318531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:41.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c43dca97576540552021-12-17 12:31:41.059root 11241100x8000000000000000318532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:41.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d92ed0916f8094522021-12-17 12:31:41.059root 11241100x8000000000000000318533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:41.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a9a32de72fa69fe2021-12-17 12:31:41.059root 11241100x8000000000000000318534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:41.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f82f1557d893deda2021-12-17 12:31:41.059root 11241100x8000000000000000318535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:41.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6c647e1a1df540d2021-12-17 12:31:41.059root 354300x8000000000000000318536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:41.061{ec28ba6a-70a3-61bc-5175-3a0400000000}5248/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-44514-false10.0.1.12-8000- 11241100x8000000000000000318537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:41.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db6d1e98b163c7d02021-12-17 12:31:41.557root 11241100x8000000000000000318538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:41.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8c121952c2ceffb2021-12-17 12:31:41.557root 11241100x8000000000000000318539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:41.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5182d34e9706c822021-12-17 12:31:41.557root 11241100x8000000000000000318540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:41.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d6ef18d8bd87da42021-12-17 12:31:41.557root 11241100x8000000000000000318541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:41.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a228674b6bdec9c2021-12-17 12:31:41.557root 11241100x8000000000000000318542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:41.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22a46d6fef94d5662021-12-17 12:31:41.557root 11241100x8000000000000000318543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:41.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9df61762b7dd54f2021-12-17 12:31:41.558root 11241100x8000000000000000318544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:41.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5c48630fbc912502021-12-17 12:31:41.558root 11241100x8000000000000000318545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:41.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.104ae5d2757912682021-12-17 12:31:41.558root 11241100x8000000000000000318546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:41.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13edbb80ad5274f42021-12-17 12:31:41.558root 11241100x8000000000000000318547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:41.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4e799c6bca13ad52021-12-17 12:31:41.558root 11241100x8000000000000000318548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:41.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feb81c770c34c3342021-12-17 12:31:41.558root 11241100x8000000000000000318549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:41.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.501b4c38383d85cf2021-12-17 12:31:41.558root 11241100x8000000000000000318550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:41.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.277bd5a7e0b341602021-12-17 12:31:41.558root 11241100x8000000000000000318551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:41.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.699c75f5ec0896fe2021-12-17 12:31:41.558root 11241100x8000000000000000318552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:41.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46a68a54e60f18902021-12-17 12:31:41.558root 11241100x8000000000000000318553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:41.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbf315b4f1673fee2021-12-17 12:31:41.558root 11241100x8000000000000000318554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:41.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44801416c30cb75b2021-12-17 12:31:41.558root 11241100x8000000000000000318555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:41.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.319c2748f42cc92d2021-12-17 12:31:41.559root 11241100x8000000000000000318556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:41.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e9d2e95a0348a4b2021-12-17 12:31:41.559root 11241100x8000000000000000318557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:41.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1723196d675cd7f02021-12-17 12:31:41.559root 11241100x8000000000000000318558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:41.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88d00eb454fd3ad72021-12-17 12:31:41.559root 11241100x8000000000000000318559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:41.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.659e00c271a680732021-12-17 12:31:41.559root 11241100x8000000000000000318560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:41.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2adee9b9e5ebc272021-12-17 12:31:41.559root 11241100x8000000000000000318561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:42.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5b947d4c873c75f2021-12-17 12:31:42.058root 11241100x8000000000000000318562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:42.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d860ca75dce35dec2021-12-17 12:31:42.058root 11241100x8000000000000000318563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:42.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fc4d55336e8c4962021-12-17 12:31:42.058root 11241100x8000000000000000318564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:42.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6171d055eaaba9672021-12-17 12:31:42.058root 11241100x8000000000000000318565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:42.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bb220a22510deaa2021-12-17 12:31:42.058root 11241100x8000000000000000318566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:42.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcde8b5bed2e67d02021-12-17 12:31:42.058root 11241100x8000000000000000318567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:42.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc076faa02c72c622021-12-17 12:31:42.059root 11241100x8000000000000000318568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:42.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d7cea8434c8fd482021-12-17 12:31:42.059root 11241100x8000000000000000318569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:42.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9e7c63039d70b6d2021-12-17 12:31:42.059root 11241100x8000000000000000318570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:42.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7017b3cc0ad6a89a2021-12-17 12:31:42.059root 11241100x8000000000000000318571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:42.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75702189c9dddc502021-12-17 12:31:42.059root 11241100x8000000000000000318572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:42.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fce20768966f4b8b2021-12-17 12:31:42.060root 11241100x8000000000000000318573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:42.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3663f4ff7afaeab2021-12-17 12:31:42.060root 11241100x8000000000000000318574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:42.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08a330be0fb9ac0b2021-12-17 12:31:42.060root 11241100x8000000000000000318575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:42.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55bf9ee32e8855412021-12-17 12:31:42.060root 11241100x8000000000000000318576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:42.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b2e3e39dd4b895b2021-12-17 12:31:42.060root 11241100x8000000000000000318577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:42.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca79d5744fdf26612021-12-17 12:31:42.060root 11241100x8000000000000000318578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:42.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58c7264c60d30a562021-12-17 12:31:42.061root 11241100x8000000000000000318579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:42.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38b1e92e22a3a8312021-12-17 12:31:42.061root 11241100x8000000000000000318580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:42.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eca92cf813996e0f2021-12-17 12:31:42.061root 11241100x8000000000000000318581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:42.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f985c95616019d712021-12-17 12:31:42.061root 11241100x8000000000000000318582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:42.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4088390d5f29dafc2021-12-17 12:31:42.061root 11241100x8000000000000000318583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:42.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60c3ec8d336d72e72021-12-17 12:31:42.061root 11241100x8000000000000000318584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:42.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6559b26a6e2ed102021-12-17 12:31:42.061root 11241100x8000000000000000318585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:42.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.484b11a019efde652021-12-17 12:31:42.557root 11241100x8000000000000000318586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:42.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4f2831651f13d642021-12-17 12:31:42.557root 11241100x8000000000000000318587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:42.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d578f84e78ecf63e2021-12-17 12:31:42.557root 11241100x8000000000000000318588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:42.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc7a5abb5eafdd632021-12-17 12:31:42.557root 11241100x8000000000000000318589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:42.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8984137cbff087b32021-12-17 12:31:42.557root 11241100x8000000000000000318590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:42.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2db61153104fe60d2021-12-17 12:31:42.558root 11241100x8000000000000000318591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:42.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffff47b9a2858acd2021-12-17 12:31:42.558root 11241100x8000000000000000318592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:42.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.965067707952f5302021-12-17 12:31:42.558root 11241100x8000000000000000318593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:42.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a745cef2d5a92b92021-12-17 12:31:42.558root 11241100x8000000000000000318594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:42.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f86f2cffbca7a0b2021-12-17 12:31:42.558root 11241100x8000000000000000318595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:42.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9541ae4e6b0c198f2021-12-17 12:31:42.558root 11241100x8000000000000000318596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:42.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42f020de69eaaad62021-12-17 12:31:42.558root 11241100x8000000000000000318597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:42.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3e8ee2b0348c00e2021-12-17 12:31:42.558root 11241100x8000000000000000318598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:42.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b708e95299392a32021-12-17 12:31:42.559root 11241100x8000000000000000318599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:42.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c9fda3db61dd69a2021-12-17 12:31:42.559root 11241100x8000000000000000318600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:42.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d27860f55a37498d2021-12-17 12:31:42.559root 11241100x8000000000000000318601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:42.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c4da28d51f730712021-12-17 12:31:42.559root 11241100x8000000000000000318602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:42.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dff468f9430b9a142021-12-17 12:31:42.559root 11241100x8000000000000000318603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:42.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f7867a533e8123f2021-12-17 12:31:42.559root 11241100x8000000000000000318604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:42.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cb34290bd0f56ad2021-12-17 12:31:42.559root 11241100x8000000000000000318605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:42.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.065b858ef2a3cee22021-12-17 12:31:42.559root 11241100x8000000000000000318606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:42.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e02455be64b780392021-12-17 12:31:42.559root 11241100x8000000000000000318607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:42.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7622376a4d136102021-12-17 12:31:42.559root 11241100x8000000000000000318608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:42.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8d6bc2bbb6d2ed82021-12-17 12:31:42.560root 11241100x8000000000000000318609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:43.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d310e07ecb121bc2021-12-17 12:31:43.057root 11241100x8000000000000000318610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:43.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85b295e176b24eaf2021-12-17 12:31:43.057root 11241100x8000000000000000318611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:43.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9184a75a4e5d93392021-12-17 12:31:43.057root 11241100x8000000000000000318612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:43.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c79cb578accbe172021-12-17 12:31:43.057root 11241100x8000000000000000318613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:43.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd3667cd6e99d4732021-12-17 12:31:43.057root 11241100x8000000000000000318614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:43.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8c17f31d4b74a5b2021-12-17 12:31:43.058root 11241100x8000000000000000318615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:43.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.894bc26ae6dc76742021-12-17 12:31:43.058root 11241100x8000000000000000318616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:43.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d870e4a4d1f031382021-12-17 12:31:43.058root 11241100x8000000000000000318617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:43.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72d5a5d2c9c200de2021-12-17 12:31:43.058root 11241100x8000000000000000318618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:43.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e824fd8f9bcaef012021-12-17 12:31:43.058root 11241100x8000000000000000318619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:43.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.792251798604c5ba2021-12-17 12:31:43.058root 11241100x8000000000000000318620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:43.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53734d5417c1938b2021-12-17 12:31:43.058root 11241100x8000000000000000318621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:43.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92afdb3c5ff5a80a2021-12-17 12:31:43.058root 11241100x8000000000000000318622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:43.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f4418c65c012b602021-12-17 12:31:43.058root 11241100x8000000000000000318623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:43.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dc5f0634e636ee82021-12-17 12:31:43.058root 11241100x8000000000000000318624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:43.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ecd8fca2c863d7d2021-12-17 12:31:43.058root 11241100x8000000000000000318625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:43.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36f7362d397ab9092021-12-17 12:31:43.059root 11241100x8000000000000000318626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:43.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a23f8e60296d66ed2021-12-17 12:31:43.059root 11241100x8000000000000000318627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:43.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c720057d85e6cd02021-12-17 12:31:43.059root 11241100x8000000000000000318628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:43.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.322160bf7e6a16b02021-12-17 12:31:43.059root 11241100x8000000000000000318629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:43.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.635936d78fcb1fde2021-12-17 12:31:43.059root 11241100x8000000000000000318630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:43.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d96d1828d83d724d2021-12-17 12:31:43.059root 11241100x8000000000000000318631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:43.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de6e9f6cb0fb40d52021-12-17 12:31:43.059root 11241100x8000000000000000318632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:43.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7afb45e33fb969372021-12-17 12:31:43.060root 11241100x8000000000000000318633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:43.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d27a73a31dff91982021-12-17 12:31:43.557root 11241100x8000000000000000318634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:43.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45d77d78c72d66932021-12-17 12:31:43.557root 11241100x8000000000000000318635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:43.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2959b82e34089f052021-12-17 12:31:43.557root 11241100x8000000000000000318636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:43.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7db24e1248bc80062021-12-17 12:31:43.557root 11241100x8000000000000000318637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:43.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1f2df3d84378ba62021-12-17 12:31:43.557root 11241100x8000000000000000318638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:43.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2229713cd430b1832021-12-17 12:31:43.557root 11241100x8000000000000000318639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:43.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af1ef6553f590d262021-12-17 12:31:43.558root 11241100x8000000000000000318640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:43.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91e81f9af67f612b2021-12-17 12:31:43.558root 11241100x8000000000000000318641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:43.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0ae5750f3f7a49e2021-12-17 12:31:43.558root 11241100x8000000000000000318642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:43.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a3907ecde94db212021-12-17 12:31:43.558root 11241100x8000000000000000318643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:43.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10f6b4f3abd30e5e2021-12-17 12:31:43.558root 11241100x8000000000000000318644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:43.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4854c81bb36c7eab2021-12-17 12:31:43.558root 11241100x8000000000000000318645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:43.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1e95e7ae69d2c7e2021-12-17 12:31:43.558root 11241100x8000000000000000318646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:43.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4d81f6ab3f6df562021-12-17 12:31:43.558root 11241100x8000000000000000318647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:43.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66b998377483f29b2021-12-17 12:31:43.559root 11241100x8000000000000000318648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:43.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f600c82b50d1721a2021-12-17 12:31:43.559root 11241100x8000000000000000318649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:43.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35ba06049c9b23e62021-12-17 12:31:43.559root 11241100x8000000000000000318650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:43.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.862c63611ae7d48c2021-12-17 12:31:43.559root 11241100x8000000000000000318651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:43.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7d064b25d3f52572021-12-17 12:31:43.559root 11241100x8000000000000000318652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:43.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d02877108769383d2021-12-17 12:31:43.559root 11241100x8000000000000000318653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:43.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b2bcd163d87de412021-12-17 12:31:43.559root 11241100x8000000000000000318654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:43.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85c0883bf0460c742021-12-17 12:31:43.559root 11241100x8000000000000000318655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:43.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d3d0f5da37a81762021-12-17 12:31:43.559root 11241100x8000000000000000318656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:43.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67f05fbc1404882d2021-12-17 12:31:43.559root 11241100x8000000000000000318657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:44.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a938cc733502718f2021-12-17 12:31:44.057root 11241100x8000000000000000318658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:44.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a855114a33592c4b2021-12-17 12:31:44.057root 11241100x8000000000000000318659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:44.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe3ee7e819432cf12021-12-17 12:31:44.057root 11241100x8000000000000000318660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:44.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9354f74a2b5f8d62021-12-17 12:31:44.057root 11241100x8000000000000000318661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:44.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c719bdf5461553dd2021-12-17 12:31:44.057root 11241100x8000000000000000318662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:44.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69527e0076f34c122021-12-17 12:31:44.057root 11241100x8000000000000000318663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:44.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d13cea9386b429f2021-12-17 12:31:44.058root 11241100x8000000000000000318664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:44.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59bb2e6b023297a72021-12-17 12:31:44.058root 11241100x8000000000000000318665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:44.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b5064f61ca7200c2021-12-17 12:31:44.058root 11241100x8000000000000000318666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:44.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f23f45e171613d712021-12-17 12:31:44.058root 11241100x8000000000000000318667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:44.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.960ea3ab410cf9392021-12-17 12:31:44.058root 11241100x8000000000000000318668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:44.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d40ddf3c67f8eb272021-12-17 12:31:44.058root 11241100x8000000000000000318669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:44.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.552714196baa8c472021-12-17 12:31:44.058root 11241100x8000000000000000318670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:44.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e48eee61cad336b2021-12-17 12:31:44.058root 11241100x8000000000000000318671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:44.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04522f8077a1674f2021-12-17 12:31:44.059root 11241100x8000000000000000318672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:44.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e2dd39470f79d402021-12-17 12:31:44.059root 11241100x8000000000000000318673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:44.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fac5b6f885ae58c2021-12-17 12:31:44.059root 11241100x8000000000000000318674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:44.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e61c54ebf2217ef42021-12-17 12:31:44.059root 11241100x8000000000000000318675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:44.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9317b613087ea57c2021-12-17 12:31:44.059root 11241100x8000000000000000318676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:44.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5818801e9091a2a2021-12-17 12:31:44.059root 11241100x8000000000000000318677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:44.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b525a6906bcb0b1c2021-12-17 12:31:44.059root 11241100x8000000000000000318678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:44.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01d2d5d89246f4a92021-12-17 12:31:44.059root 11241100x8000000000000000318679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:44.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5462c401858ff14f2021-12-17 12:31:44.059root 11241100x8000000000000000318680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:44.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79f8823a0bbb1eba2021-12-17 12:31:44.060root 11241100x8000000000000000318681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:44.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c4370027729b6ea2021-12-17 12:31:44.557root 11241100x8000000000000000318682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:44.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36f4b2fae8fafc3f2021-12-17 12:31:44.557root 11241100x8000000000000000318683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:44.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e992db55ce71aa7d2021-12-17 12:31:44.557root 11241100x8000000000000000318684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:44.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9268899a4c18355d2021-12-17 12:31:44.557root 11241100x8000000000000000318685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:44.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea8220b5a7eeb74f2021-12-17 12:31:44.558root 11241100x8000000000000000318686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:44.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4c627756b30127b2021-12-17 12:31:44.558root 11241100x8000000000000000318687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:44.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f874c4603da9d2c2021-12-17 12:31:44.558root 11241100x8000000000000000318688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:44.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7261a9a9f56c63412021-12-17 12:31:44.558root 11241100x8000000000000000318689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:44.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b82af22d7ddf10462021-12-17 12:31:44.558root 11241100x8000000000000000318690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:44.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d727e760d93a853c2021-12-17 12:31:44.558root 11241100x8000000000000000318691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:44.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5921c6e16a9a63cf2021-12-17 12:31:44.558root 11241100x8000000000000000318692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:44.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c83c10a8ccd5e652021-12-17 12:31:44.558root 11241100x8000000000000000318693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:44.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01999c2c96c304912021-12-17 12:31:44.558root 11241100x8000000000000000318694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:44.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a249bcf407c3831c2021-12-17 12:31:44.559root 11241100x8000000000000000318695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:44.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fb105d905cda6872021-12-17 12:31:44.559root 11241100x8000000000000000318696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:44.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e007d7bb2db32e32021-12-17 12:31:44.559root 11241100x8000000000000000318697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:44.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70de335c724eac962021-12-17 12:31:44.559root 11241100x8000000000000000318698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:44.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fc64910abe24cab2021-12-17 12:31:44.559root 11241100x8000000000000000318699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:44.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4546cc2cab50ca872021-12-17 12:31:44.559root 11241100x8000000000000000318700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:44.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90d2c295c91664c42021-12-17 12:31:44.559root 11241100x8000000000000000318701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:44.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cd65d2d79dadae52021-12-17 12:31:44.559root 11241100x8000000000000000318702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:44.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60bd0da636a285f22021-12-17 12:31:44.559root 11241100x8000000000000000318703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:44.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d04f8ba0d7772c92021-12-17 12:31:44.559root 11241100x8000000000000000318704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:44.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca17b2a074cf38d12021-12-17 12:31:44.559root 11241100x8000000000000000318705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:45.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46b6e162d30818582021-12-17 12:31:45.057root 11241100x8000000000000000318706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:45.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcd1e02785d503e42021-12-17 12:31:45.058root 11241100x8000000000000000318707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:45.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9905dffaddf3525d2021-12-17 12:31:45.058root 11241100x8000000000000000318708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:45.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ad365f4cafc36282021-12-17 12:31:45.058root 11241100x8000000000000000318709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:45.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4aa6dbf8c8096c82021-12-17 12:31:45.058root 11241100x8000000000000000318710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:45.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5d65f43727333072021-12-17 12:31:45.058root 11241100x8000000000000000318711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:45.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f0ba81e22a3e9fb2021-12-17 12:31:45.058root 11241100x8000000000000000318712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:45.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d03c097651a4c83e2021-12-17 12:31:45.058root 11241100x8000000000000000318713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:45.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddb27ac0d5f3f3c92021-12-17 12:31:45.058root 11241100x8000000000000000318714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:45.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b969f003a6de6b1f2021-12-17 12:31:45.058root 11241100x8000000000000000318715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:45.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cc2a0aa90ff26ac2021-12-17 12:31:45.058root 11241100x8000000000000000318716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:45.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f0cfbb6a2690c572021-12-17 12:31:45.058root 11241100x8000000000000000318717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:45.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd71bec8f7bd50792021-12-17 12:31:45.058root 11241100x8000000000000000318718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:45.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8469593c43f1408c2021-12-17 12:31:45.059root 11241100x8000000000000000318719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:45.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b909432f6352cd42021-12-17 12:31:45.059root 11241100x8000000000000000318720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:45.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af7f9393b24dc24d2021-12-17 12:31:45.059root 11241100x8000000000000000318721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:45.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.266922d6ee4f43e92021-12-17 12:31:45.059root 11241100x8000000000000000318722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:45.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe1c390ea341db422021-12-17 12:31:45.059root 11241100x8000000000000000318723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:45.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71094d5fd1e2713e2021-12-17 12:31:45.059root 11241100x8000000000000000318724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:45.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e89585706afe364e2021-12-17 12:31:45.059root 11241100x8000000000000000318725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:45.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87370b7c09bfd9862021-12-17 12:31:45.059root 11241100x8000000000000000318726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:45.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ec1c8bf4f7b02ba2021-12-17 12:31:45.059root 11241100x8000000000000000318727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:45.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c580ff32ab3714e2021-12-17 12:31:45.059root 11241100x8000000000000000318728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:45.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b387d09bfbfb93db2021-12-17 12:31:45.059root 11241100x8000000000000000318729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:45.556{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24db09de8a2077af2021-12-17 12:31:45.556root 11241100x8000000000000000318730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:45.556{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec7888a782b543472021-12-17 12:31:45.556root 11241100x8000000000000000318731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:45.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d44c2ec455ccea8e2021-12-17 12:31:45.557root 11241100x8000000000000000318732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:45.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b09910a4f4bed81a2021-12-17 12:31:45.557root 11241100x8000000000000000318733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:45.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ef4ec4579facdf82021-12-17 12:31:45.557root 11241100x8000000000000000318734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:45.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.667c03f76f981aff2021-12-17 12:31:45.557root 11241100x8000000000000000318735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:45.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.815de828ba1e9c562021-12-17 12:31:45.557root 11241100x8000000000000000318736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:45.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f56a5bb7a988ab662021-12-17 12:31:45.557root 11241100x8000000000000000318737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:45.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aebfdd46bf202be2021-12-17 12:31:45.558root 11241100x8000000000000000318738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:45.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73ae236c2060cab22021-12-17 12:31:45.558root 11241100x8000000000000000318739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:45.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c994ac03122db8c92021-12-17 12:31:45.558root 11241100x8000000000000000318740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:45.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea298b150e429e382021-12-17 12:31:45.558root 11241100x8000000000000000318741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:45.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5afb9325331d817f2021-12-17 12:31:45.558root 11241100x8000000000000000318742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:45.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b0fd382a6ac59212021-12-17 12:31:45.559root 11241100x8000000000000000318743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:45.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffed103cbd8eaba22021-12-17 12:31:45.559root 11241100x8000000000000000318744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:45.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59f6e7e2fbef93d62021-12-17 12:31:45.559root 11241100x8000000000000000318745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:45.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e8624f0913a5fc42021-12-17 12:31:45.560root 11241100x8000000000000000318746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:45.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdf08746289972332021-12-17 12:31:45.560root 11241100x8000000000000000318747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:45.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.191eb676c1ec9fa22021-12-17 12:31:45.560root 11241100x8000000000000000318748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:45.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b30269c582c503a32021-12-17 12:31:45.560root 11241100x8000000000000000318749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:45.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88110100105810292021-12-17 12:31:45.560root 11241100x8000000000000000318750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:45.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e83761a8825ff4c2021-12-17 12:31:45.561root 11241100x8000000000000000318751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:45.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dabb3071a5ff17d12021-12-17 12:31:45.561root 11241100x8000000000000000318752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:45.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c79dfb0bae28ad5e2021-12-17 12:31:45.561root 11241100x8000000000000000318753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:45.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1e190843bea0b852021-12-17 12:31:45.562root 11241100x8000000000000000318754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:45.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5420e9b38593feb42021-12-17 12:31:45.562root 11241100x8000000000000000318755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:45.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4be0d644636811c52021-12-17 12:31:45.562root 11241100x8000000000000000318756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:45.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aa20ad9a825803e2021-12-17 12:31:45.562root 11241100x8000000000000000318757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:45.563{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1047de62e500d9972021-12-17 12:31:45.563root 11241100x8000000000000000318758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:45.563{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.193ce92d5d132c632021-12-17 12:31:45.563root 11241100x8000000000000000318759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:45.563{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ac161f45434c6ed2021-12-17 12:31:45.563root 11241100x8000000000000000318760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:45.563{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fc7e0b49f499f342021-12-17 12:31:45.563root 11241100x8000000000000000318761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:45.563{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d32118b02eba24042021-12-17 12:31:45.563root 11241100x8000000000000000318762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:46.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efa35b5763dbb9af2021-12-17 12:31:46.061root 11241100x8000000000000000318763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:46.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd9d9aa9803118f62021-12-17 12:31:46.062root 11241100x8000000000000000318764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:46.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5795b3099cfa58fc2021-12-17 12:31:46.062root 11241100x8000000000000000318765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:46.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66ccfe257a5cf4912021-12-17 12:31:46.062root 11241100x8000000000000000318766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:46.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.059c1ddb3e91caad2021-12-17 12:31:46.062root 11241100x8000000000000000318767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:46.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.580e016ab68365012021-12-17 12:31:46.062root 11241100x8000000000000000318768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:46.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aa20dbe7a6d3c5a2021-12-17 12:31:46.062root 11241100x8000000000000000318769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:46.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4c4444465047a782021-12-17 12:31:46.062root 11241100x8000000000000000318770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:46.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70cea0ee6651cec42021-12-17 12:31:46.062root 11241100x8000000000000000318771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:46.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e42e80bd7908defc2021-12-17 12:31:46.062root 11241100x8000000000000000318772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:46.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27d29c6fe4cf301d2021-12-17 12:31:46.062root 11241100x8000000000000000318773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:46.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cb574f157badb7b2021-12-17 12:31:46.062root 11241100x8000000000000000318774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:46.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19e92ebf0bcedf672021-12-17 12:31:46.062root 11241100x8000000000000000318775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:46.063{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce6cc8a4ca26778d2021-12-17 12:31:46.063root 11241100x8000000000000000318776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:46.063{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3356c2e186513b592021-12-17 12:31:46.063root 11241100x8000000000000000318777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:46.063{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98857e1c605b67102021-12-17 12:31:46.063root 11241100x8000000000000000318778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:46.063{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7c3b1f0e4f76de42021-12-17 12:31:46.063root 11241100x8000000000000000318779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:46.063{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61980f9927585ffc2021-12-17 12:31:46.063root 11241100x8000000000000000318780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:46.063{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.505da4a56127b34d2021-12-17 12:31:46.063root 11241100x8000000000000000318781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:46.063{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aa51d92c5801b8b2021-12-17 12:31:46.063root 11241100x8000000000000000318782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:46.063{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.574477f7898f93d92021-12-17 12:31:46.063root 11241100x8000000000000000318783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:46.063{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e95fbcc23de00882021-12-17 12:31:46.063root 11241100x8000000000000000318784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:46.063{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.217b46b13ef21ce42021-12-17 12:31:46.063root 11241100x8000000000000000318785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:46.063{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9834ee7c074ea1292021-12-17 12:31:46.063root 354300x8000000000000000318786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:46.128{ec28ba6a-70a3-61bc-5175-3a0400000000}5248/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-44516-false10.0.1.12-8000- 11241100x8000000000000000318787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:46.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48f9633029bf510f2021-12-17 12:31:46.557root 11241100x8000000000000000318788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:46.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df056bd789e2d6ee2021-12-17 12:31:46.557root 11241100x8000000000000000318789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:46.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76150afc0b1ce3392021-12-17 12:31:46.557root 11241100x8000000000000000318790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:46.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15de1188782b8c042021-12-17 12:31:46.557root 11241100x8000000000000000318791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:46.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a839a496b4c2fb62021-12-17 12:31:46.558root 11241100x8000000000000000318792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:46.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cc2d41a74126a1e2021-12-17 12:31:46.558root 11241100x8000000000000000318793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:46.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7c06081d399febd2021-12-17 12:31:46.558root 11241100x8000000000000000318794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:46.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f322cea83727bab2021-12-17 12:31:46.558root 11241100x8000000000000000318795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:46.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79b6155c7868f9f52021-12-17 12:31:46.558root 11241100x8000000000000000318796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:46.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0b55e2d8fdd05c72021-12-17 12:31:46.558root 11241100x8000000000000000318797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:46.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31eee53253d8b64e2021-12-17 12:31:46.558root 11241100x8000000000000000318798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:46.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1e53e45b6604dc42021-12-17 12:31:46.558root 11241100x8000000000000000318799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:46.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aae2788343f248232021-12-17 12:31:46.558root 11241100x8000000000000000318800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:46.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07fa6219aabf3c852021-12-17 12:31:46.558root 11241100x8000000000000000318801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:46.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e9139a83d5c62be2021-12-17 12:31:46.559root 11241100x8000000000000000318802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:46.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f82676217510c8482021-12-17 12:31:46.559root 11241100x8000000000000000318803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:46.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.504782807783a2822021-12-17 12:31:46.559root 11241100x8000000000000000318804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:46.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f07a86c7e716c342021-12-17 12:31:46.559root 11241100x8000000000000000318805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:46.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.416281cc5a537c092021-12-17 12:31:46.559root 11241100x8000000000000000318806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:46.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74f081b32038bf4b2021-12-17 12:31:46.559root 11241100x8000000000000000318807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:46.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a7a1d34f3ae7a722021-12-17 12:31:46.559root 11241100x8000000000000000318808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:46.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b481068c9bf127412021-12-17 12:31:46.559root 11241100x8000000000000000318809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:46.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6e7e0de5308480c2021-12-17 12:31:46.559root 11241100x8000000000000000318810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:46.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f1e98baa4b8c31e2021-12-17 12:31:46.560root 11241100x8000000000000000318811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:46.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3ab7f6630285afe2021-12-17 12:31:46.560root 11241100x8000000000000000318812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:47.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8b667f94b58275d2021-12-17 12:31:47.057root 11241100x8000000000000000318813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:47.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc2aa0183d8d578d2021-12-17 12:31:47.057root 11241100x8000000000000000318814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:47.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c600b498d15a08292021-12-17 12:31:47.057root 11241100x8000000000000000318815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:47.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c5c059362de35e02021-12-17 12:31:47.057root 11241100x8000000000000000318816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:47.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33a4ddf73fad774b2021-12-17 12:31:47.057root 11241100x8000000000000000318817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:47.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.100bb128e64de2dd2021-12-17 12:31:47.058root 11241100x8000000000000000318818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:47.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7db3c7f3734e5c462021-12-17 12:31:47.058root 11241100x8000000000000000318819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:47.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc5587c013cd9c632021-12-17 12:31:47.058root 11241100x8000000000000000318820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:47.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a8ec89bfed3795d2021-12-17 12:31:47.058root 11241100x8000000000000000318821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:47.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f437828b0c7a21f72021-12-17 12:31:47.058root 11241100x8000000000000000318822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:47.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bb1f254590c85452021-12-17 12:31:47.058root 11241100x8000000000000000318823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:47.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d85e1235f0784b22021-12-17 12:31:47.058root 11241100x8000000000000000318824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:47.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.312d0198c9c04cc22021-12-17 12:31:47.058root 11241100x8000000000000000318825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:47.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f7db5a57ffbdfce2021-12-17 12:31:47.058root 11241100x8000000000000000318826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:47.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6935c3c3cd85fd9f2021-12-17 12:31:47.058root 11241100x8000000000000000318827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:47.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54b5ac52c1bd08a02021-12-17 12:31:47.058root 11241100x8000000000000000318828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:47.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54125a92093b81812021-12-17 12:31:47.058root 11241100x8000000000000000318829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:47.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfbae40b26d1eb362021-12-17 12:31:47.058root 11241100x8000000000000000318830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:47.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84001ac687bd43692021-12-17 12:31:47.058root 11241100x8000000000000000318831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:47.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b33cc209edea95582021-12-17 12:31:47.059root 11241100x8000000000000000318832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:47.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37e6a0eead0f27212021-12-17 12:31:47.059root 11241100x8000000000000000318833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:47.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4858ef841d657e132021-12-17 12:31:47.059root 11241100x8000000000000000318834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:47.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3b03bf77beee2632021-12-17 12:31:47.059root 11241100x8000000000000000318835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:47.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.292c505dbdcbd5d72021-12-17 12:31:47.059root 11241100x8000000000000000318836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:47.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f54b690e5aedb9d82021-12-17 12:31:47.059root 11241100x8000000000000000318837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:47.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1616a5e2faca9f102021-12-17 12:31:47.557root 11241100x8000000000000000318838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:47.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2481e07bd3f269a12021-12-17 12:31:47.557root 11241100x8000000000000000318839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:47.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc8ea2bd31ce27962021-12-17 12:31:47.557root 11241100x8000000000000000318840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:47.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff00e00bc95efae72021-12-17 12:31:47.557root 11241100x8000000000000000318841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:47.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb5fae072bca5bf92021-12-17 12:31:47.557root 11241100x8000000000000000318842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:47.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57b6224ac09a48db2021-12-17 12:31:47.557root 11241100x8000000000000000318843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:47.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d0a63d89639164e2021-12-17 12:31:47.557root 11241100x8000000000000000318844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:47.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dba4009de4c86362021-12-17 12:31:47.558root 11241100x8000000000000000318845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:47.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.033c1c261cca1d2c2021-12-17 12:31:47.558root 11241100x8000000000000000318846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:47.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c037e33d44ed4c152021-12-17 12:31:47.558root 11241100x8000000000000000318847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:47.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4d7b07345cc28622021-12-17 12:31:47.558root 11241100x8000000000000000318848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:47.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec8efcf4b3cd69432021-12-17 12:31:47.558root 11241100x8000000000000000318849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:47.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3820f7738f4efef82021-12-17 12:31:47.558root 11241100x8000000000000000318850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:47.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.302bb8c1e850ae412021-12-17 12:31:47.558root 11241100x8000000000000000318851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:47.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f54c4c5671704cd62021-12-17 12:31:47.558root 11241100x8000000000000000318852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:47.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d40d8272d0c2be692021-12-17 12:31:47.558root 11241100x8000000000000000318853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:47.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6733adfcf3d8a5522021-12-17 12:31:47.558root 11241100x8000000000000000318854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:47.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b3e7c69850ccfda2021-12-17 12:31:47.558root 11241100x8000000000000000318855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:47.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfbc12f77573fff92021-12-17 12:31:47.558root 11241100x8000000000000000318856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:47.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aab6f25c6c222d2c2021-12-17 12:31:47.559root 11241100x8000000000000000318857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:47.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.960d2071558f1b642021-12-17 12:31:47.559root 11241100x8000000000000000318858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:47.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8cce2fab9d54f7e2021-12-17 12:31:47.559root 11241100x8000000000000000318859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:47.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3265bd4515ae526d2021-12-17 12:31:47.559root 11241100x8000000000000000318860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:47.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64842134f6d156fa2021-12-17 12:31:47.559root 11241100x8000000000000000318861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:47.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92ce338526e5030c2021-12-17 12:31:47.559root 11241100x8000000000000000318862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:48.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a48b5fb2c4811dcb2021-12-17 12:31:48.059root 11241100x8000000000000000318863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:48.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7909d99d5f5ced182021-12-17 12:31:48.059root 11241100x8000000000000000318864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:48.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75658f277581e5992021-12-17 12:31:48.059root 11241100x8000000000000000318865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:48.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8cd0c734bf134132021-12-17 12:31:48.059root 11241100x8000000000000000318866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:48.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aeccce6714ee7b72021-12-17 12:31:48.059root 11241100x8000000000000000318867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:48.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22003b30cb691d772021-12-17 12:31:48.059root 11241100x8000000000000000318868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:48.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f32365b6b1f36f42021-12-17 12:31:48.059root 11241100x8000000000000000318869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:48.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b24694e8b80369bf2021-12-17 12:31:48.059root 11241100x8000000000000000318870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:48.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceae2d2c73df87e82021-12-17 12:31:48.059root 11241100x8000000000000000318871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:48.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9dff3ee9bcb70e12021-12-17 12:31:48.059root 11241100x8000000000000000318872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:48.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1eeb57438f1ce452021-12-17 12:31:48.060root 11241100x8000000000000000318873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:48.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26058d4c72b3eff82021-12-17 12:31:48.060root 11241100x8000000000000000318874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:48.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a199da79d85957c2021-12-17 12:31:48.060root 11241100x8000000000000000318875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:48.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c53f1a856b9fb6d2021-12-17 12:31:48.060root 11241100x8000000000000000318876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:48.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8a71c23a6a237d92021-12-17 12:31:48.060root 11241100x8000000000000000318877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:48.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b2f5840197d50fb2021-12-17 12:31:48.060root 11241100x8000000000000000318878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:48.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a4186d53b00272a2021-12-17 12:31:48.060root 11241100x8000000000000000318879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:48.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f53ddeaabf1dfc312021-12-17 12:31:48.060root 11241100x8000000000000000318880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:48.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f856d58f3181db02021-12-17 12:31:48.060root 11241100x8000000000000000318881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:48.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac8871a060a5c9d82021-12-17 12:31:48.060root 11241100x8000000000000000318882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:48.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03c8ffdb1206c7492021-12-17 12:31:48.060root 11241100x8000000000000000318883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:48.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a63c101dd2e9c1be2021-12-17 12:31:48.060root 11241100x8000000000000000318884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:48.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3cf8aee52d3e4d32021-12-17 12:31:48.061root 11241100x8000000000000000318885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:48.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d35a7e04368150ca2021-12-17 12:31:48.061root 11241100x8000000000000000318886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:48.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3478b744b4b20eb02021-12-17 12:31:48.061root 11241100x8000000000000000318887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:48.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48f529005620a6722021-12-17 12:31:48.557root 11241100x8000000000000000318888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:48.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0f7082979f47ae52021-12-17 12:31:48.557root 11241100x8000000000000000318889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:48.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e524269a9557073b2021-12-17 12:31:48.557root 11241100x8000000000000000318890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:48.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae2b776b81fe2cbe2021-12-17 12:31:48.557root 11241100x8000000000000000318891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:48.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c983d3458d937de52021-12-17 12:31:48.557root 11241100x8000000000000000318892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:48.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ef87cf124debf682021-12-17 12:31:48.558root 11241100x8000000000000000318893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:48.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c87a8ddb70235352021-12-17 12:31:48.558root 11241100x8000000000000000318894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:48.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fccd208d4e4920f32021-12-17 12:31:48.558root 11241100x8000000000000000318895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:48.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c019cda4ff35fc32021-12-17 12:31:48.558root 11241100x8000000000000000318896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:48.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a18124013ccd3542021-12-17 12:31:48.558root 11241100x8000000000000000318897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:48.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a48d4fba91dc0792021-12-17 12:31:48.558root 11241100x8000000000000000318898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:48.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5f61a92e0bfccd02021-12-17 12:31:48.558root 11241100x8000000000000000318899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:48.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23e4b5a747f63ad22021-12-17 12:31:48.558root 11241100x8000000000000000318900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:48.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc706651b46aa9e92021-12-17 12:31:48.558root 11241100x8000000000000000318901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:48.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32c34e99ee90db922021-12-17 12:31:48.558root 11241100x8000000000000000318902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:48.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f944b4c10e9d63042021-12-17 12:31:48.558root 11241100x8000000000000000318903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:48.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cfc12774530f9f62021-12-17 12:31:48.558root 11241100x8000000000000000318904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:48.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eae208fddf6cf092021-12-17 12:31:48.559root 11241100x8000000000000000318905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:48.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7e13a322c33964e2021-12-17 12:31:48.559root 11241100x8000000000000000318906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:48.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41d7ff62f18b4b482021-12-17 12:31:48.559root 11241100x8000000000000000318907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:48.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7deb378b63be138b2021-12-17 12:31:48.559root 11241100x8000000000000000318908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:48.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c88ee4999d69bbb12021-12-17 12:31:48.559root 11241100x8000000000000000318909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:48.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eb214c3a7abaa092021-12-17 12:31:48.559root 11241100x8000000000000000318910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:48.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e57504b43deb60c12021-12-17 12:31:48.559root 11241100x8000000000000000318911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:48.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36f6c07e173ee5e82021-12-17 12:31:48.559root 11241100x8000000000000000318912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:49.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8389cd07c9c88412021-12-17 12:31:49.057root 11241100x8000000000000000318913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:49.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8aff4f46a1b0cdb2021-12-17 12:31:49.057root 11241100x8000000000000000318914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:49.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fd811e433e70adf2021-12-17 12:31:49.057root 11241100x8000000000000000318915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:49.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fc018083ee5e6692021-12-17 12:31:49.057root 11241100x8000000000000000318916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:49.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2594ea85544cdb82021-12-17 12:31:49.058root 11241100x8000000000000000318917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:49.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9147e1dd1ab3074f2021-12-17 12:31:49.058root 11241100x8000000000000000318918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:49.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c818bd6963f545b32021-12-17 12:31:49.059root 11241100x8000000000000000318919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:49.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.237723132b3cdeb52021-12-17 12:31:49.059root 11241100x8000000000000000318920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:49.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3ac0dd20600f2762021-12-17 12:31:49.060root 11241100x8000000000000000318921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:49.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1636fc73c4957932021-12-17 12:31:49.060root 11241100x8000000000000000318922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:49.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.953ac8c4cb55eca42021-12-17 12:31:49.060root 11241100x8000000000000000318923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:49.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.399fee86b39f51f12021-12-17 12:31:49.060root 11241100x8000000000000000318924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:49.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92d878d3b06b9cad2021-12-17 12:31:49.060root 11241100x8000000000000000318925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:49.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2084a85a05ba67502021-12-17 12:31:49.060root 11241100x8000000000000000318926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:49.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.591015f4ce363f882021-12-17 12:31:49.061root 11241100x8000000000000000318927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:49.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e44550bebce5bce22021-12-17 12:31:49.061root 11241100x8000000000000000318928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:49.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cafebd7c1714ad1f2021-12-17 12:31:49.061root 11241100x8000000000000000318929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:49.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6edb9db2de70689a2021-12-17 12:31:49.061root 11241100x8000000000000000318930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:49.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d293b09ecb9bad402021-12-17 12:31:49.061root 11241100x8000000000000000318931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:49.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f66d705ef347864c2021-12-17 12:31:49.061root 11241100x8000000000000000318932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:49.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.052c7f60dea22c762021-12-17 12:31:49.061root 11241100x8000000000000000318933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:49.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c25d4b713eeb074f2021-12-17 12:31:49.061root 11241100x8000000000000000318934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:49.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f0a40f3f93f48da2021-12-17 12:31:49.061root 11241100x8000000000000000318935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:49.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a3cd3299ee6c1572021-12-17 12:31:49.061root 11241100x8000000000000000318936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:49.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ed43793df878d7c2021-12-17 12:31:49.062root 11241100x8000000000000000318937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:49.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.887c8f641ba239992021-12-17 12:31:49.557root 11241100x8000000000000000318938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:49.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18e38ca6565ffa682021-12-17 12:31:49.558root 11241100x8000000000000000318939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:49.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62758f6973015ccb2021-12-17 12:31:49.558root 11241100x8000000000000000318940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:49.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f42924addeb9982a2021-12-17 12:31:49.558root 11241100x8000000000000000318941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:49.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deb835e0b92ad72d2021-12-17 12:31:49.558root 11241100x8000000000000000318942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:49.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b9ba2846f9311892021-12-17 12:31:49.558root 11241100x8000000000000000318943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:49.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.226059805396c00c2021-12-17 12:31:49.558root 11241100x8000000000000000318944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:49.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e02b0f0b43bdd2552021-12-17 12:31:49.558root 11241100x8000000000000000318945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:49.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71d581b9540a61b42021-12-17 12:31:49.558root 11241100x8000000000000000318946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:49.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b968fa725f1dff552021-12-17 12:31:49.558root 11241100x8000000000000000318947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:49.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d686cfdd70519df02021-12-17 12:31:49.558root 11241100x8000000000000000318948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:49.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de5d92b6367fe9222021-12-17 12:31:49.558root 11241100x8000000000000000318949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:49.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be6bf07bea860e992021-12-17 12:31:49.558root 11241100x8000000000000000318950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:49.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c1aae07e5372c522021-12-17 12:31:49.559root 11241100x8000000000000000318951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:49.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a2f453197ffb3e22021-12-17 12:31:49.559root 11241100x8000000000000000318952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:49.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51c6fa81e8bb51ad2021-12-17 12:31:49.559root 11241100x8000000000000000318953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:49.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.070e01ee60b6eb2b2021-12-17 12:31:49.559root 11241100x8000000000000000318954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:49.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4330f0bb657254932021-12-17 12:31:49.559root 11241100x8000000000000000318955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:49.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.281b417290ee8e832021-12-17 12:31:49.559root 11241100x8000000000000000318956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:49.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05ad5671439f3b4e2021-12-17 12:31:49.559root 11241100x8000000000000000318957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:49.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b63ac951d58f1d3e2021-12-17 12:31:49.559root 11241100x8000000000000000318958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:49.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2486667aff3841242021-12-17 12:31:49.559root 11241100x8000000000000000318959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:49.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd6ab32a2bec62d32021-12-17 12:31:49.559root 11241100x8000000000000000318960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:49.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d082cad45cc61d832021-12-17 12:31:49.560root 11241100x8000000000000000318961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:49.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1831c736663197302021-12-17 12:31:49.560root 11241100x8000000000000000318962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:50.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e699c68e50035562021-12-17 12:31:50.057root 11241100x8000000000000000318963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:50.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43e9f9d00c70c1292021-12-17 12:31:50.057root 11241100x8000000000000000318964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:50.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.713cd0aa9205e3852021-12-17 12:31:50.057root 11241100x8000000000000000318965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:50.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf2a440a6fb684342021-12-17 12:31:50.057root 11241100x8000000000000000318966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:50.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdfce727ad7c71732021-12-17 12:31:50.057root 11241100x8000000000000000318967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:50.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d56bb32c062142e2021-12-17 12:31:50.058root 11241100x8000000000000000318968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:50.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0382ea1d502edeef2021-12-17 12:31:50.058root 11241100x8000000000000000318969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:50.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c8cf3c4ef49b5b82021-12-17 12:31:50.058root 11241100x8000000000000000318970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:50.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50d16d3650c6f1f12021-12-17 12:31:50.058root 11241100x8000000000000000318971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:50.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57068632e60069232021-12-17 12:31:50.058root 11241100x8000000000000000318972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:50.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8f24fb55373e0342021-12-17 12:31:50.058root 11241100x8000000000000000318973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:50.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70d483126c1508d12021-12-17 12:31:50.058root 11241100x8000000000000000318974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:50.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.078ee20c38e0559b2021-12-17 12:31:50.059root 11241100x8000000000000000318975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:50.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fe337d425d07eca2021-12-17 12:31:50.059root 11241100x8000000000000000318976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:50.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dd7623d18bb51a22021-12-17 12:31:50.059root 11241100x8000000000000000318977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:50.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa79e8650be0a0df2021-12-17 12:31:50.059root 11241100x8000000000000000318978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:50.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d49640b00276b892021-12-17 12:31:50.059root 11241100x8000000000000000318979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:50.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b4b86d5df454a1b2021-12-17 12:31:50.059root 11241100x8000000000000000318980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:50.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.582fcf74d82a895e2021-12-17 12:31:50.059root 11241100x8000000000000000318981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:50.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1a306852b1bc5112021-12-17 12:31:50.059root 11241100x8000000000000000318982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:50.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85003e7af5275bc92021-12-17 12:31:50.060root 11241100x8000000000000000318983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:50.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f1c0a66608d6c292021-12-17 12:31:50.060root 11241100x8000000000000000318984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:50.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e9bd08aa796973c2021-12-17 12:31:50.060root 11241100x8000000000000000318985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:50.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdcbf835fc0698d72021-12-17 12:31:50.060root 11241100x8000000000000000318986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:50.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b18baea09e340b282021-12-17 12:31:50.060root 11241100x8000000000000000318987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:50.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff1305887697a9d72021-12-17 12:31:50.557root 11241100x8000000000000000318988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:50.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95de2fa0c5efe78d2021-12-17 12:31:50.557root 11241100x8000000000000000318989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:50.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aef269c18b2442992021-12-17 12:31:50.557root 11241100x8000000000000000318990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:50.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18f16f30cff41c452021-12-17 12:31:50.557root 11241100x8000000000000000318991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:50.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c764bfd8435b7d9c2021-12-17 12:31:50.558root 11241100x8000000000000000318992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:50.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec24d1fffa13ef2f2021-12-17 12:31:50.558root 11241100x8000000000000000318993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:50.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0447359e7d7fd0672021-12-17 12:31:50.558root 11241100x8000000000000000318994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:50.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be6e732bb1863ada2021-12-17 12:31:50.558root 11241100x8000000000000000318995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:50.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fbe8efa42b5d6c62021-12-17 12:31:50.558root 11241100x8000000000000000318996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:50.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc92dbd84952bb6e2021-12-17 12:31:50.558root 11241100x8000000000000000318997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:50.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cfe0befe7ebd8ba2021-12-17 12:31:50.558root 11241100x8000000000000000318998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:50.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1013b989c2d1b0a12021-12-17 12:31:50.558root 11241100x8000000000000000318999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:50.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02e57a4ffac345f92021-12-17 12:31:50.558root 11241100x8000000000000000319000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:50.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c4b5dc70c7205c42021-12-17 12:31:50.558root 11241100x8000000000000000319001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:50.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45e814425d5f2d402021-12-17 12:31:50.558root 11241100x8000000000000000319002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:50.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f64d6f2e6f0f1a082021-12-17 12:31:50.558root 11241100x8000000000000000319003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:50.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cda31a5ea153f0932021-12-17 12:31:50.559root 11241100x8000000000000000319004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:50.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62d5341765089c4a2021-12-17 12:31:50.559root 11241100x8000000000000000319005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:50.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f9e94cacc4764c32021-12-17 12:31:50.559root 11241100x8000000000000000319006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:50.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d214a9d5e68381c2021-12-17 12:31:50.559root 11241100x8000000000000000319007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:50.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6ec0852e68a51572021-12-17 12:31:50.559root 11241100x8000000000000000319008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:50.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e30d70e15683b642021-12-17 12:31:50.559root 11241100x8000000000000000319009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:50.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74d5033a476973d22021-12-17 12:31:50.559root 11241100x8000000000000000319010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:50.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.241d4a4091fa03f92021-12-17 12:31:50.559root 11241100x8000000000000000319011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:50.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e207de69251324c72021-12-17 12:31:50.559root 11241100x8000000000000000319012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:51.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46cbd258a6247cef2021-12-17 12:31:51.057root 11241100x8000000000000000319013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:51.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fc3c7b07e4720002021-12-17 12:31:51.057root 11241100x8000000000000000319014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:51.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ba27a565eabff172021-12-17 12:31:51.057root 11241100x8000000000000000319015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:51.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca3bd929e8a3f76a2021-12-17 12:31:51.057root 11241100x8000000000000000319016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:51.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aef90e5d1832eef72021-12-17 12:31:51.057root 11241100x8000000000000000319017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:51.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aad7d467e2d83d082021-12-17 12:31:51.058root 11241100x8000000000000000319018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:51.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c80f3e60c1a71ece2021-12-17 12:31:51.058root 11241100x8000000000000000319019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:51.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.143a7c4e9d58b23e2021-12-17 12:31:51.058root 11241100x8000000000000000319020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:51.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03725083d7a6a62d2021-12-17 12:31:51.058root 11241100x8000000000000000319021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:51.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9a69f94618fd5452021-12-17 12:31:51.058root 11241100x8000000000000000319022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:51.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2913779d8baa1cfd2021-12-17 12:31:51.058root 11241100x8000000000000000319023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:51.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17b62d34fe2881cc2021-12-17 12:31:51.058root 11241100x8000000000000000319024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:51.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.597286de91ec6af42021-12-17 12:31:51.058root 11241100x8000000000000000319025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:51.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c61acaaf7ad3da522021-12-17 12:31:51.058root 11241100x8000000000000000319026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:51.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f733a479e4a36a82021-12-17 12:31:51.058root 11241100x8000000000000000319027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:51.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82798648005f838b2021-12-17 12:31:51.058root 11241100x8000000000000000319028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:51.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e35861bcb9c4b612021-12-17 12:31:51.058root 11241100x8000000000000000319029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:51.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d501d888af81698d2021-12-17 12:31:51.058root 11241100x8000000000000000319030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:51.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65f013a8f9d380d62021-12-17 12:31:51.058root 11241100x8000000000000000319031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:51.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdf5d0c3f4c99f112021-12-17 12:31:51.058root 11241100x8000000000000000319032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:51.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aab6ffe9a006f332021-12-17 12:31:51.059root 11241100x8000000000000000319033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:51.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fdb1c3fbbe02a052021-12-17 12:31:51.059root 11241100x8000000000000000319034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:51.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0009d26cb0862172021-12-17 12:31:51.059root 11241100x8000000000000000319035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:51.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e69ae796ccb5c33f2021-12-17 12:31:51.059root 11241100x8000000000000000319036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:51.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.746fd2f2b5b0349e2021-12-17 12:31:51.059root 354300x8000000000000000319037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:51.175{ec28ba6a-70a3-61bc-5175-3a0400000000}5248/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-44518-false10.0.1.12-8000- 11241100x8000000000000000319038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:51.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7abf0bf4d2aa41e02021-12-17 12:31:51.557root 11241100x8000000000000000319039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:51.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f81f0d199f723c722021-12-17 12:31:51.557root 11241100x8000000000000000319040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:51.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7141658ca5bc0f102021-12-17 12:31:51.557root 11241100x8000000000000000319041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:51.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cd435ac072a64652021-12-17 12:31:51.557root 11241100x8000000000000000319042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:51.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f68dab9f359d35f2021-12-17 12:31:51.557root 11241100x8000000000000000319043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:51.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0bd6250914d04d32021-12-17 12:31:51.558root 11241100x8000000000000000319044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:51.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e03d64acd44302d22021-12-17 12:31:51.558root 11241100x8000000000000000319045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:51.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d11059c8e83bfdc32021-12-17 12:31:51.558root 11241100x8000000000000000319046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:51.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f8b2fd8da3a90ba2021-12-17 12:31:51.558root 11241100x8000000000000000319047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:51.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4aab56ffcc2e45d2021-12-17 12:31:51.558root 11241100x8000000000000000319048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:51.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48f018f57d8787ca2021-12-17 12:31:51.558root 11241100x8000000000000000319049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:51.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.074fa8f40bc542582021-12-17 12:31:51.558root 11241100x8000000000000000319050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:51.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d090fd1e131aa49f2021-12-17 12:31:51.558root 11241100x8000000000000000319051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:51.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f560a0c695f318bd2021-12-17 12:31:51.558root 11241100x8000000000000000319052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:51.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79825c420bc6edce2021-12-17 12:31:51.558root 11241100x8000000000000000319053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:51.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0a694714b0cd7252021-12-17 12:31:51.558root 11241100x8000000000000000319054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:51.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f20a13fd31396572021-12-17 12:31:51.558root 11241100x8000000000000000319055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:51.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f8c55a997ef4a992021-12-17 12:31:51.558root 11241100x8000000000000000319056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:51.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d47f8a293ec7b8292021-12-17 12:31:51.558root 11241100x8000000000000000319057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:51.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84ef9624fe7073dc2021-12-17 12:31:51.558root 11241100x8000000000000000319058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:51.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcf48094f26780742021-12-17 12:31:51.559root 11241100x8000000000000000319059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:51.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9bf00ea87949a932021-12-17 12:31:51.559root 11241100x8000000000000000319060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:51.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa19a9a82becb0762021-12-17 12:31:51.559root 11241100x8000000000000000319061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:51.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.987ad928639ea9092021-12-17 12:31:51.559root 11241100x8000000000000000319062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:51.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51d7041c1f4c3cac2021-12-17 12:31:51.559root 11241100x8000000000000000319063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:51.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.439aec25f92683172021-12-17 12:31:51.559root 11241100x8000000000000000319064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:52.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80b90975b36d374e2021-12-17 12:31:52.057root 11241100x8000000000000000319065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:52.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82a3bba00121f9d32021-12-17 12:31:52.057root 11241100x8000000000000000319066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:52.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c02501d1cba61c022021-12-17 12:31:52.057root 11241100x8000000000000000319067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:52.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5b52fada9601c502021-12-17 12:31:52.057root 11241100x8000000000000000319068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:52.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.953395fdbda8789d2021-12-17 12:31:52.057root 11241100x8000000000000000319069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:52.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e67f5dd9855292a2021-12-17 12:31:52.058root 11241100x8000000000000000319070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:52.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f8c12465bb519bd2021-12-17 12:31:52.058root 11241100x8000000000000000319071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:52.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5530acae1e3ab3652021-12-17 12:31:52.058root 11241100x8000000000000000319072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:52.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ffc33bfbd69f7172021-12-17 12:31:52.058root 11241100x8000000000000000319073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:52.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18c50f4a0d90d6ce2021-12-17 12:31:52.058root 11241100x8000000000000000319074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:52.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7c8a12becc807782021-12-17 12:31:52.058root 11241100x8000000000000000319075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:52.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04085146840690ff2021-12-17 12:31:52.058root 11241100x8000000000000000319076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:52.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05a0ef1900ea8b2e2021-12-17 12:31:52.058root 11241100x8000000000000000319077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:52.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f655ba59a7cdca52021-12-17 12:31:52.058root 11241100x8000000000000000319078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:52.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12bb6bfa91f002c02021-12-17 12:31:52.058root 11241100x8000000000000000319079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:52.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c998058cf7f5d8ad2021-12-17 12:31:52.059root 11241100x8000000000000000319080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:52.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ecb4a381bc01eec2021-12-17 12:31:52.059root 11241100x8000000000000000319081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:52.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.745971b4177a27b32021-12-17 12:31:52.059root 11241100x8000000000000000319082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:52.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4e506bcaacd516b2021-12-17 12:31:52.059root 11241100x8000000000000000319083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:52.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6af19121a9d16c9f2021-12-17 12:31:52.059root 11241100x8000000000000000319084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:52.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46abe20245368cf22021-12-17 12:31:52.059root 11241100x8000000000000000319085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:52.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5437c46c3603f9782021-12-17 12:31:52.059root 11241100x8000000000000000319086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:52.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53d07359b664f15f2021-12-17 12:31:52.059root 11241100x8000000000000000319087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:52.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16c7e9eb762284882021-12-17 12:31:52.059root 11241100x8000000000000000319088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:52.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f10d132291ad75352021-12-17 12:31:52.060root 11241100x8000000000000000319089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:52.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7df311a9d0e8b122021-12-17 12:31:52.060root 11241100x8000000000000000319090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:52.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a8670a75062f0192021-12-17 12:31:52.557root 11241100x8000000000000000319091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:52.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea3e408b34b81bee2021-12-17 12:31:52.557root 11241100x8000000000000000319092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:52.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.982446bcfc1dcb902021-12-17 12:31:52.557root 11241100x8000000000000000319093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:52.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e028896c501e406d2021-12-17 12:31:52.558root 11241100x8000000000000000319094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:52.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81282f27018c7f692021-12-17 12:31:52.558root 11241100x8000000000000000319095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:52.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11af067b6ffc33202021-12-17 12:31:52.558root 11241100x8000000000000000319096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:52.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a3176978c1851cc2021-12-17 12:31:52.558root 11241100x8000000000000000319097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:52.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a41803953bb01c0d2021-12-17 12:31:52.558root 11241100x8000000000000000319098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:52.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17877e400ab9d5a82021-12-17 12:31:52.558root 11241100x8000000000000000319099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:52.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16e8b0acd12db6402021-12-17 12:31:52.558root 11241100x8000000000000000319100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:52.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dfe9857e356fc8b2021-12-17 12:31:52.558root 11241100x8000000000000000319101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:52.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.110e5b3ff45699332021-12-17 12:31:52.558root 11241100x8000000000000000319102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:52.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dfe88eb6870bfb22021-12-17 12:31:52.558root 11241100x8000000000000000319103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:52.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.986c8b0529a529eb2021-12-17 12:31:52.559root 11241100x8000000000000000319104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:52.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91b623bb1565bec72021-12-17 12:31:52.559root 11241100x8000000000000000319105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:52.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b57c150a57989bbb2021-12-17 12:31:52.559root 11241100x8000000000000000319106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:52.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.808d82e8cc3939fc2021-12-17 12:31:52.559root 11241100x8000000000000000319107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:52.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd4adbd8fa5bd60e2021-12-17 12:31:52.559root 11241100x8000000000000000319108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:52.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7330865e623ab4e92021-12-17 12:31:52.559root 11241100x8000000000000000319109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:52.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7e6ab5ddc95a0be2021-12-17 12:31:52.559root 11241100x8000000000000000319110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:52.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6440f62e49c20022021-12-17 12:31:52.560root 11241100x8000000000000000319111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:52.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.238d0e97d97625152021-12-17 12:31:52.560root 11241100x8000000000000000319112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:52.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67c294e4c31905b02021-12-17 12:31:52.560root 11241100x8000000000000000319113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:52.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5134cbd28a0226e12021-12-17 12:31:52.560root 11241100x8000000000000000319114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:52.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ace690ca9dd69252021-12-17 12:31:52.560root 11241100x8000000000000000319115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:52.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.380b73bbce8abbd32021-12-17 12:31:52.560root 11241100x8000000000000000319116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:53.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cc673eb92265edc2021-12-17 12:31:53.057root 11241100x8000000000000000319117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:53.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85c104792de576752021-12-17 12:31:53.057root 11241100x8000000000000000319118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:53.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e9d1d03e2a91f822021-12-17 12:31:53.057root 11241100x8000000000000000319119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:53.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.096f6dccedcf1a642021-12-17 12:31:53.057root 11241100x8000000000000000319120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:53.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcc3cf43edabe9372021-12-17 12:31:53.058root 11241100x8000000000000000319121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:53.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bffeaab8a1b5eb22021-12-17 12:31:53.058root 11241100x8000000000000000319122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:53.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.007d7a3be80f8a692021-12-17 12:31:53.058root 11241100x8000000000000000319123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:53.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32241ceba972f1db2021-12-17 12:31:53.058root 11241100x8000000000000000319124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:53.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ec0a8e8c91da07c2021-12-17 12:31:53.058root 11241100x8000000000000000319125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:53.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a3679f0ba71859b2021-12-17 12:31:53.058root 11241100x8000000000000000319126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:53.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cd0fef20a857d4f2021-12-17 12:31:53.058root 11241100x8000000000000000319127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:53.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9934e9026f3025012021-12-17 12:31:53.059root 11241100x8000000000000000319128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:53.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a37f05e227d34e7a2021-12-17 12:31:53.059root 11241100x8000000000000000319129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:53.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d4fdb0532488bdd2021-12-17 12:31:53.059root 11241100x8000000000000000319130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:53.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69420510df76683d2021-12-17 12:31:53.059root 11241100x8000000000000000319131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:53.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e24aad2bee2de2d2021-12-17 12:31:53.059root 11241100x8000000000000000319132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:53.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.049400caee48cd4f2021-12-17 12:31:53.059root 11241100x8000000000000000319133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:53.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d1c44757c62adbe2021-12-17 12:31:53.059root 11241100x8000000000000000319134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:53.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fbb8c3017e07c382021-12-17 12:31:53.059root 11241100x8000000000000000319135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:53.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c79147eb7650dae22021-12-17 12:31:53.059root 11241100x8000000000000000319136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:53.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78c0cd88e30424f92021-12-17 12:31:53.059root 11241100x8000000000000000319137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:53.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.674df5f222bd5bd32021-12-17 12:31:53.059root 11241100x8000000000000000319138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:53.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86d04c260ada147f2021-12-17 12:31:53.059root 11241100x8000000000000000319139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:53.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9903e46c3bb3ece32021-12-17 12:31:53.060root 11241100x8000000000000000319140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:53.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cff80be98d6bfb7b2021-12-17 12:31:53.060root 11241100x8000000000000000319141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:53.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2257bebc01eb6c02021-12-17 12:31:53.060root 11241100x8000000000000000319142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:53.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b9453207a73527d2021-12-17 12:31:53.557root 11241100x8000000000000000319143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:53.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4326fa9d6d6a6cd22021-12-17 12:31:53.557root 11241100x8000000000000000319144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:53.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ba5adfe538791e32021-12-17 12:31:53.557root 11241100x8000000000000000319145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:53.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bb40a63562991452021-12-17 12:31:53.557root 11241100x8000000000000000319146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:53.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ac75f7a889df1c52021-12-17 12:31:53.557root 11241100x8000000000000000319147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:53.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd8bbdd6851bfb2a2021-12-17 12:31:53.558root 11241100x8000000000000000319148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:53.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e932ab5a0d1d50062021-12-17 12:31:53.558root 11241100x8000000000000000319149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:53.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83be931b04ebcc152021-12-17 12:31:53.558root 11241100x8000000000000000319150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:53.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c53682a9dcd82882021-12-17 12:31:53.558root 11241100x8000000000000000319151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:53.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d879f9833ae4921a2021-12-17 12:31:53.558root 11241100x8000000000000000319152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:53.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6986177efc8198ea2021-12-17 12:31:53.558root 11241100x8000000000000000319153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:53.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93ee182ef364c1962021-12-17 12:31:53.558root 11241100x8000000000000000319154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:53.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f4e530b9c81f54e2021-12-17 12:31:53.558root 11241100x8000000000000000319155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:53.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5204a6a0c229c8902021-12-17 12:31:53.558root 11241100x8000000000000000319156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:53.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42ca080ecc1308c52021-12-17 12:31:53.558root 11241100x8000000000000000319157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:53.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.997118c5aa6301292021-12-17 12:31:53.558root 11241100x8000000000000000319158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:53.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3c2e4134f8457042021-12-17 12:31:53.558root 11241100x8000000000000000319159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:53.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fb1f6028727bb9e2021-12-17 12:31:53.558root 11241100x8000000000000000319160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:53.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8b828fa76ad14842021-12-17 12:31:53.559root 11241100x8000000000000000319161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:53.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24229a32eec55ee72021-12-17 12:31:53.559root 11241100x8000000000000000319162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:53.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c25e9562261da1542021-12-17 12:31:53.559root 11241100x8000000000000000319163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:53.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d25e8780feda62422021-12-17 12:31:53.559root 11241100x8000000000000000319164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:53.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fc338dcc90e52ab2021-12-17 12:31:53.559root 11241100x8000000000000000319165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:53.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17efd1f409f1d01b2021-12-17 12:31:53.559root 11241100x8000000000000000319166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:53.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa80de4d72de1f202021-12-17 12:31:53.559root 11241100x8000000000000000319167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:53.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.996a8c1ba5851cb52021-12-17 12:31:53.559root 11241100x8000000000000000319168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:54.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.168b363ee475e1d52021-12-17 12:31:54.057root 11241100x8000000000000000319169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:54.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1d6b03c473894de2021-12-17 12:31:54.057root 11241100x8000000000000000319170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:54.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.224933e5e8406c3b2021-12-17 12:31:54.057root 11241100x8000000000000000319171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:54.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02439aa223a8bf302021-12-17 12:31:54.057root 11241100x8000000000000000319172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:54.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eacbf0cb4dd85ec32021-12-17 12:31:54.057root 11241100x8000000000000000319173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:54.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbb606398234ee132021-12-17 12:31:54.058root 11241100x8000000000000000319174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:54.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.546e5acc794b9dc32021-12-17 12:31:54.058root 11241100x8000000000000000319175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:54.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4701fffc2e4a9e32021-12-17 12:31:54.058root 11241100x8000000000000000319176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:54.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14883722617a5a792021-12-17 12:31:54.058root 11241100x8000000000000000319177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:54.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a10c4d938d1010d2021-12-17 12:31:54.058root 11241100x8000000000000000319178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:54.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2ad65563854ed122021-12-17 12:31:54.058root 11241100x8000000000000000319179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:54.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f828b08fe213ce082021-12-17 12:31:54.058root 11241100x8000000000000000319180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:54.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7c0882d843308062021-12-17 12:31:54.058root 11241100x8000000000000000319181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:54.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb3691ef18a219002021-12-17 12:31:54.058root 11241100x8000000000000000319182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:54.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19ae9f9a6d55dfbc2021-12-17 12:31:54.058root 11241100x8000000000000000319183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:54.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce70f3cdb88360d62021-12-17 12:31:54.058root 11241100x8000000000000000319184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:54.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75859e17e34bc7db2021-12-17 12:31:54.058root 11241100x8000000000000000319185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:54.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.207140006cc6978d2021-12-17 12:31:54.058root 11241100x8000000000000000319186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:54.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8459ebd1bdcb59b72021-12-17 12:31:54.058root 11241100x8000000000000000319187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:54.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aec876fd5135a7702021-12-17 12:31:54.059root 11241100x8000000000000000319188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:54.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce636fced2547ff62021-12-17 12:31:54.059root 11241100x8000000000000000319189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:54.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac65b45768218e2d2021-12-17 12:31:54.059root 11241100x8000000000000000319190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:54.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4af3760323dad89c2021-12-17 12:31:54.059root 11241100x8000000000000000319191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:54.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f7391a4473b54c22021-12-17 12:31:54.059root 11241100x8000000000000000319192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:54.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f448fe1acd0d4ab62021-12-17 12:31:54.059root 11241100x8000000000000000319193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:54.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a532213ff020dfc2021-12-17 12:31:54.059root 11241100x8000000000000000319194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:54.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfe3bdf3423c20bd2021-12-17 12:31:54.557root 11241100x8000000000000000319195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:54.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38618b73d4c73f6c2021-12-17 12:31:54.557root 11241100x8000000000000000319196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:54.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a997329f5fb53b62021-12-17 12:31:54.557root 11241100x8000000000000000319197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:54.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6351197da21848272021-12-17 12:31:54.557root 11241100x8000000000000000319198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:54.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bfeb3c38d881a6d2021-12-17 12:31:54.557root 11241100x8000000000000000319199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:54.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5968df142e35ffd42021-12-17 12:31:54.558root 11241100x8000000000000000319200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:54.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecd88ec532f4d7552021-12-17 12:31:54.558root 11241100x8000000000000000319201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:54.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31c3371413df0bdb2021-12-17 12:31:54.558root 11241100x8000000000000000319202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:54.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2a14a2011a8caa22021-12-17 12:31:54.558root 11241100x8000000000000000319203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:54.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.020dc23b4aec504f2021-12-17 12:31:54.558root 11241100x8000000000000000319204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:54.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.748ad3306986036a2021-12-17 12:31:54.558root 11241100x8000000000000000319205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:54.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52bfa7e7026ec05b2021-12-17 12:31:54.558root 11241100x8000000000000000319206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:54.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e21f38412164dc672021-12-17 12:31:54.558root 11241100x8000000000000000319207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:54.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ec2af7cfe4d84fd2021-12-17 12:31:54.558root 11241100x8000000000000000319208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:54.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.301617ecaba01a6e2021-12-17 12:31:54.558root 11241100x8000000000000000319209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:54.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd41c2b60148c9152021-12-17 12:31:54.558root 11241100x8000000000000000319210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:54.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0c8fac7b589c15e2021-12-17 12:31:54.558root 11241100x8000000000000000319211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:54.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33e15ac21161305c2021-12-17 12:31:54.558root 11241100x8000000000000000319212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:54.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0f66b936009463b2021-12-17 12:31:54.558root 11241100x8000000000000000319213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:54.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e6724b7d440cb0e2021-12-17 12:31:54.558root 11241100x8000000000000000319214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:54.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89d9ad4ea1407b022021-12-17 12:31:54.559root 11241100x8000000000000000319215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:54.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a85e390853bb0592021-12-17 12:31:54.559root 11241100x8000000000000000319216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:54.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34adba9f5e22c86a2021-12-17 12:31:54.559root 11241100x8000000000000000319217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:54.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b7ddb0ebdab35872021-12-17 12:31:54.559root 11241100x8000000000000000319218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:54.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37b635637351fb922021-12-17 12:31:54.559root 11241100x8000000000000000319219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:54.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.068fb54d5f01a36a2021-12-17 12:31:54.559root 11241100x8000000000000000319220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:55.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b75a4a7550ff5b972021-12-17 12:31:55.057root 11241100x8000000000000000319221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:55.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e1ad65df1b48b0e2021-12-17 12:31:55.057root 11241100x8000000000000000319222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:55.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c10a33f4895b50d22021-12-17 12:31:55.058root 11241100x8000000000000000319223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:55.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed3fc05236101ec62021-12-17 12:31:55.058root 11241100x8000000000000000319224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:55.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c2d8f5f7c752aea2021-12-17 12:31:55.058root 11241100x8000000000000000319225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:55.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e675f91e1031c622021-12-17 12:31:55.058root 11241100x8000000000000000319226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:55.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3e7ec6171243eb52021-12-17 12:31:55.058root 11241100x8000000000000000319227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:55.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10dab6b45d7be9ef2021-12-17 12:31:55.058root 11241100x8000000000000000319228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:55.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afd2106ccf6037c12021-12-17 12:31:55.058root 11241100x8000000000000000319229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:55.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04c57ff7a645dafe2021-12-17 12:31:55.058root 11241100x8000000000000000319230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:55.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f346da6c1dab6b132021-12-17 12:31:55.058root 11241100x8000000000000000319231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:55.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fd8924ce0468ea12021-12-17 12:31:55.058root 11241100x8000000000000000319232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:55.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73b0c137ce6c0b3f2021-12-17 12:31:55.058root 11241100x8000000000000000319233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:55.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4a0a0477a9f7d3b2021-12-17 12:31:55.058root 11241100x8000000000000000319234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:55.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eac72e7e38bd70992021-12-17 12:31:55.058root 11241100x8000000000000000319235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:55.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.931444128db6edff2021-12-17 12:31:55.059root 11241100x8000000000000000319236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:55.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c38b81771cddb03a2021-12-17 12:31:55.059root 11241100x8000000000000000319237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:55.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc1efe42fb073f322021-12-17 12:31:55.059root 11241100x8000000000000000319238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:55.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeef4f78572879782021-12-17 12:31:55.059root 11241100x8000000000000000319239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:55.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7d81bd147ffabdb2021-12-17 12:31:55.059root 11241100x8000000000000000319240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:55.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65d752ba7e394bae2021-12-17 12:31:55.059root 11241100x8000000000000000319241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:55.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5186580271e45f42021-12-17 12:31:55.059root 11241100x8000000000000000319242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:55.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e9fc2537d55d27c2021-12-17 12:31:55.059root 11241100x8000000000000000319243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:55.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad8d78ba4dc08c142021-12-17 12:31:55.059root 11241100x8000000000000000319244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:55.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e8dd844953cc3572021-12-17 12:31:55.059root 11241100x8000000000000000319245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:55.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b1fd221dd5fbe5c2021-12-17 12:31:55.059root 11241100x8000000000000000319246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:55.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1da8568e955799992021-12-17 12:31:55.557root 11241100x8000000000000000319247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:55.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebcbda0c681c11432021-12-17 12:31:55.557root 11241100x8000000000000000319248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:55.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2de81cd87d153b842021-12-17 12:31:55.557root 11241100x8000000000000000319249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:55.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86320abf81c57cbc2021-12-17 12:31:55.557root 11241100x8000000000000000319250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:55.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98d9f0db0e82cfa92021-12-17 12:31:55.557root 11241100x8000000000000000319251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:55.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba3c785d6c1bdaae2021-12-17 12:31:55.558root 11241100x8000000000000000319252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:55.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4e172cb68a0ec632021-12-17 12:31:55.558root 11241100x8000000000000000319253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:55.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d841fff7a06264d82021-12-17 12:31:55.558root 11241100x8000000000000000319254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:55.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75b1aa056c09aac22021-12-17 12:31:55.558root 11241100x8000000000000000319255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:55.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a51e731df20e22d42021-12-17 12:31:55.558root 11241100x8000000000000000319256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:55.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75f5bddd13d14c902021-12-17 12:31:55.558root 11241100x8000000000000000319257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:55.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6565f15d9a38ac92021-12-17 12:31:55.559root 11241100x8000000000000000319258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:55.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac72300dc155fa5d2021-12-17 12:31:55.559root 11241100x8000000000000000319259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:55.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.106896b4ba959ff02021-12-17 12:31:55.559root 11241100x8000000000000000319260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:55.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fef0f11231ac9ed2021-12-17 12:31:55.559root 11241100x8000000000000000319261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:55.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72e4b710200855492021-12-17 12:31:55.559root 11241100x8000000000000000319262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:55.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cc2e0d4b7b4bd512021-12-17 12:31:55.559root 11241100x8000000000000000319263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:55.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b6f77e0f43ef5c82021-12-17 12:31:55.559root 11241100x8000000000000000319264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:55.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbb93e0107216a5d2021-12-17 12:31:55.559root 11241100x8000000000000000319265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:55.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3f2fc391f9cde072021-12-17 12:31:55.559root 11241100x8000000000000000319266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:55.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69ee75b913da80d62021-12-17 12:31:55.560root 11241100x8000000000000000319267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:55.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9df0beb211c642d82021-12-17 12:31:55.560root 11241100x8000000000000000319268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:55.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bf13af9a913f2a52021-12-17 12:31:55.560root 11241100x8000000000000000319269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:55.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a9ce6dea88d3d3f2021-12-17 12:31:55.560root 11241100x8000000000000000319270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:55.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9f35e0e4af8e9952021-12-17 12:31:55.560root 11241100x8000000000000000319271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:55.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ca6e2fc6353d5cf2021-12-17 12:31:55.560root 11241100x8000000000000000319272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:56.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb3a5a24f06d310f2021-12-17 12:31:56.057root 11241100x8000000000000000319273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:56.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0623a531a11630552021-12-17 12:31:56.057root 11241100x8000000000000000319274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:56.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89482a0969bc52302021-12-17 12:31:56.058root 11241100x8000000000000000319275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:56.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c9aea0cbe14ca852021-12-17 12:31:56.058root 11241100x8000000000000000319276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:56.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e77a3b27721ecec2021-12-17 12:31:56.058root 11241100x8000000000000000319277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:56.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b154daf58854cc2e2021-12-17 12:31:56.058root 11241100x8000000000000000319278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:56.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.900422cf5dbd293a2021-12-17 12:31:56.058root 11241100x8000000000000000319279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:56.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e5b6f6ad3e20c372021-12-17 12:31:56.058root 11241100x8000000000000000319280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:56.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b72d0137e712a0f12021-12-17 12:31:56.058root 11241100x8000000000000000319281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:56.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d2f5bd239e33f522021-12-17 12:31:56.058root 11241100x8000000000000000319282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:56.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86d0b764f974b39a2021-12-17 12:31:56.058root 11241100x8000000000000000319283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:56.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b487db5d3db02d042021-12-17 12:31:56.059root 11241100x8000000000000000319284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:56.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d76ff02fd260b3ae2021-12-17 12:31:56.059root 11241100x8000000000000000319285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:56.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca959c0f52e040e32021-12-17 12:31:56.059root 11241100x8000000000000000319286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:56.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b10ea0b335eecd1d2021-12-17 12:31:56.059root 11241100x8000000000000000319287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:56.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3c8c49452946ea32021-12-17 12:31:56.059root 11241100x8000000000000000319288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:56.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6b1d27794eebf9a2021-12-17 12:31:56.059root 11241100x8000000000000000319289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:56.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a6801505d59d11e2021-12-17 12:31:56.059root 11241100x8000000000000000319290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:56.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f22d789ce2e521722021-12-17 12:31:56.059root 11241100x8000000000000000319291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:56.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20aa8183f7dd205c2021-12-17 12:31:56.060root 11241100x8000000000000000319292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:56.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c280b4163d099b912021-12-17 12:31:56.060root 11241100x8000000000000000319293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:56.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e18a2923ebbf1a852021-12-17 12:31:56.060root 11241100x8000000000000000319294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:56.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.173f09cc24f5c7402021-12-17 12:31:56.060root 11241100x8000000000000000319295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:56.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c312caf63bfeb6802021-12-17 12:31:56.060root 11241100x8000000000000000319296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:56.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b1318cea883a4b62021-12-17 12:31:56.060root 11241100x8000000000000000319297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:56.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dba74b4ecb0307452021-12-17 12:31:56.060root 11241100x8000000000000000319298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:56.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfab72d167ed8aed2021-12-17 12:31:56.557root 11241100x8000000000000000319299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:56.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d49a88ec844823252021-12-17 12:31:56.557root 11241100x8000000000000000319300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:56.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8af36fbb586437c62021-12-17 12:31:56.557root 11241100x8000000000000000319301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:56.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66562a8c899637b52021-12-17 12:31:56.557root 11241100x8000000000000000319302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:56.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c17ed5b581059f492021-12-17 12:31:56.558root 11241100x8000000000000000319303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:56.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d6784e3cc4dc7732021-12-17 12:31:56.558root 11241100x8000000000000000319304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:56.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee06f7a0292399352021-12-17 12:31:56.558root 11241100x8000000000000000319305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:56.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3164b48cd66c0532021-12-17 12:31:56.558root 11241100x8000000000000000319306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:56.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7964e83c83c40f2b2021-12-17 12:31:56.558root 11241100x8000000000000000319307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:56.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3856039bd316ad02021-12-17 12:31:56.558root 11241100x8000000000000000319308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:56.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.306324cad45f78b32021-12-17 12:31:56.558root 11241100x8000000000000000319309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:56.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eac1ad50338ff8462021-12-17 12:31:56.558root 11241100x8000000000000000319310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:56.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1c24c05ad9e00c32021-12-17 12:31:56.558root 11241100x8000000000000000319311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:56.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a376addc0152d4c2021-12-17 12:31:56.559root 11241100x8000000000000000319312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:56.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d6fab97a3247b242021-12-17 12:31:56.559root 11241100x8000000000000000319313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:56.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5be44d5cfeed44e02021-12-17 12:31:56.559root 11241100x8000000000000000319314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:56.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b16c5cbf5a09d452021-12-17 12:31:56.559root 11241100x8000000000000000319315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:56.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8337f64dedd09ed02021-12-17 12:31:56.559root 11241100x8000000000000000319316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:56.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.097219d06c1d3a322021-12-17 12:31:56.559root 11241100x8000000000000000319317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:56.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52eae1652f5b374a2021-12-17 12:31:56.560root 11241100x8000000000000000319318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:56.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.860a04528f3d5d7a2021-12-17 12:31:56.560root 11241100x8000000000000000319319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:56.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.620198d01ab5431d2021-12-17 12:31:56.560root 11241100x8000000000000000319320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:56.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33faedc970ecc4322021-12-17 12:31:56.560root 11241100x8000000000000000319321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:56.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d19a73fc31f27262021-12-17 12:31:56.560root 11241100x8000000000000000319322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:56.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f558cfa230059f612021-12-17 12:31:56.560root 11241100x8000000000000000319323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:56.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.206646e4dcabee9d2021-12-17 12:31:56.561root 11241100x8000000000000000319324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:57.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8125cf3a092fa7e82021-12-17 12:31:57.057root 11241100x8000000000000000319325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:57.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9a7efe3effae9272021-12-17 12:31:57.057root 11241100x8000000000000000319326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:57.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.037006e7f96a627e2021-12-17 12:31:57.057root 11241100x8000000000000000319327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:57.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a185b20492a45dbd2021-12-17 12:31:57.058root 11241100x8000000000000000319328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:57.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10bd521069a66afa2021-12-17 12:31:57.058root 11241100x8000000000000000319329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:57.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61dcf0f1a4fc924a2021-12-17 12:31:57.058root 11241100x8000000000000000319330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:57.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9e2620e0843af8a2021-12-17 12:31:57.058root 11241100x8000000000000000319331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:57.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b509101245afc42d2021-12-17 12:31:57.058root 11241100x8000000000000000319332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:57.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.695a774afc8485002021-12-17 12:31:57.059root 11241100x8000000000000000319333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:57.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0962a455165ea9892021-12-17 12:31:57.059root 11241100x8000000000000000319334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:57.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa14915ebf75a3cb2021-12-17 12:31:57.059root 11241100x8000000000000000319335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:57.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e8175029160dd942021-12-17 12:31:57.059root 11241100x8000000000000000319336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:57.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51ebc8c70225c3512021-12-17 12:31:57.059root 11241100x8000000000000000319337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:57.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bec9e510cc3374552021-12-17 12:31:57.059root 11241100x8000000000000000319338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:57.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c77308df036f97902021-12-17 12:31:57.059root 11241100x8000000000000000319339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:57.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c545555690bd1012021-12-17 12:31:57.059root 11241100x8000000000000000319340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:57.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c07e488c5081e5e2021-12-17 12:31:57.059root 11241100x8000000000000000319341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:57.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e69e796b616e6ac72021-12-17 12:31:57.059root 11241100x8000000000000000319342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:57.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9635c8e4ec419d452021-12-17 12:31:57.059root 11241100x8000000000000000319343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:57.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60e5af00340d7adc2021-12-17 12:31:57.059root 11241100x8000000000000000319344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:57.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e63cd743c54d9b082021-12-17 12:31:57.059root 11241100x8000000000000000319345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:57.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ab8ea32651ba3822021-12-17 12:31:57.062root 11241100x8000000000000000319346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:57.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93a0096b83ebb65c2021-12-17 12:31:57.062root 11241100x8000000000000000319347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:57.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.073b2cbf208d05212021-12-17 12:31:57.062root 11241100x8000000000000000319348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:57.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78e33b1985edd0882021-12-17 12:31:57.062root 11241100x8000000000000000319349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:57.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c24d0944bb3ba2c2021-12-17 12:31:57.062root 354300x8000000000000000319350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:57.106{ec28ba6a-70a3-61bc-5175-3a0400000000}5248/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-44520-false10.0.1.12-8000- 11241100x8000000000000000319351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:57.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89d91f3041d980cc2021-12-17 12:31:57.557root 11241100x8000000000000000319352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:57.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25fbcb094e51a9482021-12-17 12:31:57.557root 11241100x8000000000000000319353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:57.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26e67b713e9940fb2021-12-17 12:31:57.558root 11241100x8000000000000000319354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:57.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac0bd48e28ef270c2021-12-17 12:31:57.558root 11241100x8000000000000000319355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:57.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7bae0b1a67d87432021-12-17 12:31:57.558root 11241100x8000000000000000319356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:57.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d90eaf6fb479e7a02021-12-17 12:31:57.558root 11241100x8000000000000000319357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:57.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23495da2fe477fe72021-12-17 12:31:57.558root 11241100x8000000000000000319358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:57.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2207f3290db7c882021-12-17 12:31:57.558root 11241100x8000000000000000319359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:57.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ebe9e56ec7cebf82021-12-17 12:31:57.558root 11241100x8000000000000000319360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:57.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0596e2a85737edaa2021-12-17 12:31:57.559root 11241100x8000000000000000319361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:57.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddd6f2c87db58e7e2021-12-17 12:31:57.559root 11241100x8000000000000000319362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:57.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b46c3b7bc1bbd4e2021-12-17 12:31:57.559root 11241100x8000000000000000319363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:57.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.140ab57f03c8371f2021-12-17 12:31:57.559root 11241100x8000000000000000319364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:57.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd2ce7c2dafa2ecc2021-12-17 12:31:57.559root 11241100x8000000000000000319365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:57.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b127935d2ef94f902021-12-17 12:31:57.559root 11241100x8000000000000000319366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:57.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.586f228acb05d2f62021-12-17 12:31:57.559root 11241100x8000000000000000319367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:57.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09c3f1d4e4ee68132021-12-17 12:31:57.561root 11241100x8000000000000000319368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:57.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.820b0c834f6aa2a32021-12-17 12:31:57.561root 11241100x8000000000000000319369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:57.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d64c31b4ebf36182021-12-17 12:31:57.561root 11241100x8000000000000000319370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:57.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97886d240e5f6ca72021-12-17 12:31:57.562root 11241100x8000000000000000319371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:57.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba75f848bf02281c2021-12-17 12:31:57.562root 11241100x8000000000000000319372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:57.563{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d652cb1717c3c3e92021-12-17 12:31:57.563root 11241100x8000000000000000319373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:57.563{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c51883b449734aa2021-12-17 12:31:57.563root 11241100x8000000000000000319374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:57.563{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3c723dc8d5074272021-12-17 12:31:57.563root 11241100x8000000000000000319375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:57.563{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03671d949f8e36202021-12-17 12:31:57.563root 11241100x8000000000000000319376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:57.563{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62552ceb6405326f2021-12-17 12:31:57.563root 11241100x8000000000000000319377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:57.563{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82dbc00d69c5dd012021-12-17 12:31:57.563root 11241100x8000000000000000319378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:58.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed3519526c66eb8d2021-12-17 12:31:58.057root 11241100x8000000000000000319379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:58.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbeb2a527abf10902021-12-17 12:31:58.057root 11241100x8000000000000000319380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:58.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f71ee079992650d2021-12-17 12:31:58.057root 11241100x8000000000000000319381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:58.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c7eb310cf54c7f12021-12-17 12:31:58.057root 11241100x8000000000000000319382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:58.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e84f7e5ed08a49e92021-12-17 12:31:58.058root 11241100x8000000000000000319383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:58.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b84dc4ec0a27095c2021-12-17 12:31:58.058root 11241100x8000000000000000319384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:58.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48715c1bdca7ddc82021-12-17 12:31:58.058root 11241100x8000000000000000319385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:58.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b6de85bd3f836102021-12-17 12:31:58.058root 11241100x8000000000000000319386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:58.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.763e160e1bb112132021-12-17 12:31:58.058root 11241100x8000000000000000319387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:58.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d49f562da864afb2021-12-17 12:31:58.058root 11241100x8000000000000000319388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:58.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5afc16d1625928772021-12-17 12:31:58.058root 11241100x8000000000000000319389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:58.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.752bc4ce882d70f62021-12-17 12:31:58.058root 11241100x8000000000000000319390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:58.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2b3074cf173059d2021-12-17 12:31:58.058root 11241100x8000000000000000319391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:58.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e692023e780c14922021-12-17 12:31:58.058root 11241100x8000000000000000319392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:58.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21a0e034a6b00f102021-12-17 12:31:58.058root 11241100x8000000000000000319393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:58.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bac15502e00ad7b2021-12-17 12:31:58.058root 11241100x8000000000000000319394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:58.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d896b551a5bf85642021-12-17 12:31:58.058root 11241100x8000000000000000319395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:58.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0605fc2ef292e3ef2021-12-17 12:31:58.058root 11241100x8000000000000000319396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:58.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12d18bac31d2b9fd2021-12-17 12:31:58.058root 11241100x8000000000000000319397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:58.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adf6767596fca3bf2021-12-17 12:31:58.059root 11241100x8000000000000000319398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:58.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2199b5370d15d8972021-12-17 12:31:58.059root 11241100x8000000000000000319399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:58.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12c8f8048c35033f2021-12-17 12:31:58.059root 11241100x8000000000000000319400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:58.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1882d6f3f02d4322021-12-17 12:31:58.059root 11241100x8000000000000000319401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:58.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50f2b81517aaa12a2021-12-17 12:31:58.059root 11241100x8000000000000000319402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:58.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5ef8829fe82f3402021-12-17 12:31:58.059root 11241100x8000000000000000319403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:58.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d02fdbc636b94b62021-12-17 12:31:58.059root 11241100x8000000000000000319404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:58.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5a8f4531755cedb2021-12-17 12:31:58.059root 11241100x8000000000000000319405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:58.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d93a63297e84482b2021-12-17 12:31:58.557root 11241100x8000000000000000319406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:58.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.497efa4ac0838b0a2021-12-17 12:31:58.557root 11241100x8000000000000000319407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:58.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c720ac486fbd51b2021-12-17 12:31:58.557root 11241100x8000000000000000319408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:58.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c99261f7a72a12ee2021-12-17 12:31:58.558root 11241100x8000000000000000319409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:58.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.456e3b01afa0526d2021-12-17 12:31:58.558root 11241100x8000000000000000319410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:58.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b4b74069f9b5b6c2021-12-17 12:31:58.558root 11241100x8000000000000000319411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:58.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44b8176ca41462042021-12-17 12:31:58.558root 11241100x8000000000000000319412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:58.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f088e96e7b8ced9d2021-12-17 12:31:58.558root 11241100x8000000000000000319413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:58.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99b2e43f3e2d44a52021-12-17 12:31:58.558root 11241100x8000000000000000319414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:58.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dfd9a29af1373452021-12-17 12:31:58.558root 11241100x8000000000000000319415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:58.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb9c3ec6c4a4c9882021-12-17 12:31:58.558root 11241100x8000000000000000319416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:58.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37173c657e86f10a2021-12-17 12:31:58.558root 11241100x8000000000000000319417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:58.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c8bfa77e062c0312021-12-17 12:31:58.558root 11241100x8000000000000000319418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:58.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ebbef1bb3579c532021-12-17 12:31:58.558root 11241100x8000000000000000319419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:58.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.419939cb3d513db62021-12-17 12:31:58.558root 11241100x8000000000000000319420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:58.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48ece3fed81c05602021-12-17 12:31:58.559root 11241100x8000000000000000319421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:58.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9cef9850ae31dec2021-12-17 12:31:58.559root 11241100x8000000000000000319422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:58.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d6aa79d081785222021-12-17 12:31:58.559root 11241100x8000000000000000319423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:58.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38219368ea9be39e2021-12-17 12:31:58.559root 11241100x8000000000000000319424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:58.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19333174a78a2be32021-12-17 12:31:58.559root 11241100x8000000000000000319425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:58.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97eadcd26973ac952021-12-17 12:31:58.559root 11241100x8000000000000000319426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:58.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b82a808c925db2752021-12-17 12:31:58.559root 11241100x8000000000000000319427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:58.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8bc72f0525b563b2021-12-17 12:31:58.559root 11241100x8000000000000000319428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:58.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d44605261595e502021-12-17 12:31:58.559root 11241100x8000000000000000319429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:58.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8ccdb17bd1cf59e2021-12-17 12:31:58.559root 11241100x8000000000000000319430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:58.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bc0da6a9b48e5002021-12-17 12:31:58.559root 11241100x8000000000000000319431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:58.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.270998090b71e2832021-12-17 12:31:58.560root 11241100x8000000000000000319432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:59.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.488bc1f47c8366dc2021-12-17 12:31:59.057root 11241100x8000000000000000319433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:59.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e1a087cac42774b2021-12-17 12:31:59.057root 11241100x8000000000000000319434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:59.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c2bdb1f6d131f972021-12-17 12:31:59.058root 11241100x8000000000000000319435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:59.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c9d3fb8e706a86c2021-12-17 12:31:59.058root 11241100x8000000000000000319436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:59.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d9b7e1fce99a1142021-12-17 12:31:59.058root 11241100x8000000000000000319437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:59.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e2a079822ba00402021-12-17 12:31:59.058root 11241100x8000000000000000319438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:59.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9175060abfe129a2021-12-17 12:31:59.058root 11241100x8000000000000000319439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:59.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.039fa091e08277bb2021-12-17 12:31:59.058root 11241100x8000000000000000319440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:59.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4edd10c8075da83c2021-12-17 12:31:59.058root 11241100x8000000000000000319441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:59.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f234c7108812c002021-12-17 12:31:59.058root 11241100x8000000000000000319442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:59.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.838fc41cb9b314a22021-12-17 12:31:59.058root 11241100x8000000000000000319443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:59.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b53f46c1a2392022021-12-17 12:31:59.059root 11241100x8000000000000000319444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:59.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3ad8045cc7043032021-12-17 12:31:59.059root 11241100x8000000000000000319445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:59.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4baba4691eb871dd2021-12-17 12:31:59.059root 11241100x8000000000000000319446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:59.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ac50f1d189d784f2021-12-17 12:31:59.059root 11241100x8000000000000000319447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:59.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a102e9b05493ad622021-12-17 12:31:59.059root 11241100x8000000000000000319448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:59.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb76740e7386ee432021-12-17 12:31:59.059root 11241100x8000000000000000319449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:59.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e488a847b4f3943b2021-12-17 12:31:59.059root 11241100x8000000000000000319450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:59.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1772ed670059f7822021-12-17 12:31:59.060root 11241100x8000000000000000319451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:59.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96b5a0e13de360572021-12-17 12:31:59.060root 11241100x8000000000000000319452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:59.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.895057cc88919d192021-12-17 12:31:59.060root 11241100x8000000000000000319453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:59.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cc7c46020c3157d2021-12-17 12:31:59.060root 11241100x8000000000000000319454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:59.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65e504f41b7b5c5e2021-12-17 12:31:59.060root 11241100x8000000000000000319455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:59.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36415512c526b2962021-12-17 12:31:59.060root 11241100x8000000000000000319456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:59.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54fd4ec1f9e030422021-12-17 12:31:59.060root 11241100x8000000000000000319457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:59.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cd5671218fbfdc32021-12-17 12:31:59.060root 11241100x8000000000000000319458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:59.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81249d25f9b5fd842021-12-17 12:31:59.062root 11241100x8000000000000000319459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:59.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba17641677e60cab2021-12-17 12:31:59.557root 11241100x8000000000000000319460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:59.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64d4e102af1e91d42021-12-17 12:31:59.557root 11241100x8000000000000000319461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:59.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41e5ee9b118205c42021-12-17 12:31:59.557root 11241100x8000000000000000319462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:59.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69b4b7920ec849e02021-12-17 12:31:59.557root 11241100x8000000000000000319463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:59.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee126682166494f02021-12-17 12:31:59.558root 11241100x8000000000000000319464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:59.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53be8ca02f7ea6b12021-12-17 12:31:59.558root 11241100x8000000000000000319465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:59.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83236bc33c4cd3672021-12-17 12:31:59.558root 11241100x8000000000000000319466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:59.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a1dcc7dbe3449be2021-12-17 12:31:59.558root 11241100x8000000000000000319467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:59.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.748de3dc6e885a112021-12-17 12:31:59.558root 11241100x8000000000000000319468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:59.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb0f11d9a788f2232021-12-17 12:31:59.558root 11241100x8000000000000000319469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:59.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f995ace806bebe82021-12-17 12:31:59.558root 11241100x8000000000000000319470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:59.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96b814651a289a562021-12-17 12:31:59.558root 11241100x8000000000000000319471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:59.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f025836f84f75b72021-12-17 12:31:59.558root 11241100x8000000000000000319472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:59.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af4e8faec1ace7692021-12-17 12:31:59.558root 11241100x8000000000000000319473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:59.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7851b418bc829ccd2021-12-17 12:31:59.558root 11241100x8000000000000000319474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:59.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9ede49205d419702021-12-17 12:31:59.558root 11241100x8000000000000000319475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:59.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d58bd661a9188a22021-12-17 12:31:59.559root 11241100x8000000000000000319476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:59.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2f69d125389602d2021-12-17 12:31:59.559root 11241100x8000000000000000319477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:59.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f3b8db0c23ec9df2021-12-17 12:31:59.559root 11241100x8000000000000000319478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:59.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49284925d61082c32021-12-17 12:31:59.559root 11241100x8000000000000000319479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:59.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92f6595830da435b2021-12-17 12:31:59.559root 11241100x8000000000000000319480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:59.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85cd9acab07f31152021-12-17 12:31:59.559root 11241100x8000000000000000319481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:59.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ea3ea6a6a0965582021-12-17 12:31:59.559root 11241100x8000000000000000319482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:59.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.789cd94a884dee312021-12-17 12:31:59.559root 11241100x8000000000000000319483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:59.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82cc8bd2ee283d1f2021-12-17 12:31:59.559root 11241100x8000000000000000319484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:59.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf72127ee95226a52021-12-17 12:31:59.559root 11241100x8000000000000000319485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:31:59.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.077014bd4c70fb882021-12-17 12:31:59.559root 11241100x8000000000000000319486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:00.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c214e58ec81accfb2021-12-17 12:32:00.057root 11241100x8000000000000000319487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:00.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b25832b51396a1472021-12-17 12:32:00.057root 11241100x8000000000000000319488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:00.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1829c8c7cef7f2e22021-12-17 12:32:00.057root 11241100x8000000000000000319489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:00.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96840cc8dc5111022021-12-17 12:32:00.057root 11241100x8000000000000000319490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:00.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa156067e49961e02021-12-17 12:32:00.057root 11241100x8000000000000000319491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:00.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61c7c2d1822195b92021-12-17 12:32:00.058root 11241100x8000000000000000319492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:00.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86e7d584f3f05dc32021-12-17 12:32:00.058root 11241100x8000000000000000319493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:00.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ed6ec888bfcf6032021-12-17 12:32:00.058root 11241100x8000000000000000319494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:00.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91450f343721facd2021-12-17 12:32:00.058root 11241100x8000000000000000319495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:00.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b632f9f1daab4e322021-12-17 12:32:00.058root 11241100x8000000000000000319496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:00.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ed546b0d10a0fa22021-12-17 12:32:00.058root 11241100x8000000000000000319497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:00.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.100366402c2bc36c2021-12-17 12:32:00.058root 11241100x8000000000000000319498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:00.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c081e0736dca1e42021-12-17 12:32:00.058root 11241100x8000000000000000319499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:00.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28624916292e07862021-12-17 12:32:00.058root 11241100x8000000000000000319500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:00.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c46036fb0c9aaa112021-12-17 12:32:00.059root 11241100x8000000000000000319501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:00.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8fd3ce90a4cb3c32021-12-17 12:32:00.059root 11241100x8000000000000000319502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:00.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e716281e16b24752021-12-17 12:32:00.059root 11241100x8000000000000000319503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:00.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79281e94d54399022021-12-17 12:32:00.059root 11241100x8000000000000000319504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:00.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35f602bce41beee72021-12-17 12:32:00.059root 11241100x8000000000000000319505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:00.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.389ab9a4720c29fc2021-12-17 12:32:00.059root 11241100x8000000000000000319506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:00.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.433bd190d5e36a342021-12-17 12:32:00.059root 11241100x8000000000000000319507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:00.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b096392c981df292021-12-17 12:32:00.059root 11241100x8000000000000000319508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:00.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2a4fa64cb1a7bae2021-12-17 12:32:00.059root 11241100x8000000000000000319509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:00.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.720b70baba5bfd062021-12-17 12:32:00.059root 11241100x8000000000000000319510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:00.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46f52b71fbc383622021-12-17 12:32:00.059root 11241100x8000000000000000319511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:00.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5bd75b33c7b95662021-12-17 12:32:00.059root 11241100x8000000000000000319512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:00.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42f23dc65ee254882021-12-17 12:32:00.059root 11241100x8000000000000000319513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:00.167{ec28ba6a-709b-61bc-30d8-78dfe0550000}5175/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-17 12:32:00.167root 11241100x8000000000000000319514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:00.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e98b5bb595758a3c2021-12-17 12:32:00.557root 11241100x8000000000000000319515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:00.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e3b5881348c04892021-12-17 12:32:00.557root 11241100x8000000000000000319516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:00.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.363eeb23e87467b92021-12-17 12:32:00.557root 11241100x8000000000000000319517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:00.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d1b17234ac8bcad2021-12-17 12:32:00.557root 11241100x8000000000000000319518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:00.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4409cadf7168132b2021-12-17 12:32:00.558root 11241100x8000000000000000319519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:00.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b78f98f8cfff42072021-12-17 12:32:00.558root 11241100x8000000000000000319520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:00.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70cd5602ecc064c42021-12-17 12:32:00.558root 11241100x8000000000000000319521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:00.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d8119e8573d7a2c2021-12-17 12:32:00.558root 11241100x8000000000000000319522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:00.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bf912266d3b67ee2021-12-17 12:32:00.558root 11241100x8000000000000000319523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:00.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ade9385393d3d1312021-12-17 12:32:00.558root 11241100x8000000000000000319524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:00.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dd031c28478c00a2021-12-17 12:32:00.558root 11241100x8000000000000000319525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:00.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59ea5c291725d8732021-12-17 12:32:00.558root 11241100x8000000000000000319526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:00.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.367a156b38b6e26b2021-12-17 12:32:00.558root 11241100x8000000000000000319527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:00.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8caba8c377de290a2021-12-17 12:32:00.558root 11241100x8000000000000000319528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:00.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.037ae16acb3182442021-12-17 12:32:00.558root 11241100x8000000000000000319529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:00.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea7409ca95de0e022021-12-17 12:32:00.558root 11241100x8000000000000000319530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:00.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15e7ba2524ff87e52021-12-17 12:32:00.558root 11241100x8000000000000000319531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:00.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45b7101cfdb99a8b2021-12-17 12:32:00.559root 11241100x8000000000000000319532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:00.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.795d16f3c8df10e92021-12-17 12:32:00.559root 11241100x8000000000000000319533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:00.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7815d8887605b3992021-12-17 12:32:00.559root 11241100x8000000000000000319534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:00.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29980be24be8f8172021-12-17 12:32:00.559root 11241100x8000000000000000319535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:00.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41f42220066c0d762021-12-17 12:32:00.559root 11241100x8000000000000000319536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:00.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a901d71bed20d5b2021-12-17 12:32:00.559root 11241100x8000000000000000319537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:00.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9ba8ab0a0bd873d2021-12-17 12:32:00.559root 11241100x8000000000000000319538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:00.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b21978537f58e062021-12-17 12:32:00.559root 11241100x8000000000000000319539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:00.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37843285b3bdade02021-12-17 12:32:00.559root 11241100x8000000000000000319540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:00.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c657f79967ddf0f2021-12-17 12:32:00.559root 11241100x8000000000000000319541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:00.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2326304e1e6c1c12021-12-17 12:32:00.560root 11241100x8000000000000000319542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:01.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.247d3b88319680732021-12-17 12:32:01.057root 11241100x8000000000000000319543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:01.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62edb30e7970e6432021-12-17 12:32:01.057root 11241100x8000000000000000319544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:01.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f155e1a610fe01a2021-12-17 12:32:01.057root 11241100x8000000000000000319545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:01.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.369dd5fe74dda5f62021-12-17 12:32:01.057root 11241100x8000000000000000319546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:01.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b964b387bad4b632021-12-17 12:32:01.058root 11241100x8000000000000000319547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:01.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66535e9f7a6d1d862021-12-17 12:32:01.058root 11241100x8000000000000000319548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:01.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92cb43ae9feeef512021-12-17 12:32:01.058root 11241100x8000000000000000319549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:01.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f92859960f476352021-12-17 12:32:01.058root 11241100x8000000000000000319550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:01.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00396a9e428eb0e02021-12-17 12:32:01.058root 11241100x8000000000000000319551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:01.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97b2c1542e58b29a2021-12-17 12:32:01.058root 11241100x8000000000000000319552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:01.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cef29ea3099049d2021-12-17 12:32:01.058root 11241100x8000000000000000319553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:01.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca00bf71e679fff82021-12-17 12:32:01.058root 11241100x8000000000000000319554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:01.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.758544c033ba69e82021-12-17 12:32:01.058root 11241100x8000000000000000319555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:01.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11376d16f85128522021-12-17 12:32:01.058root 11241100x8000000000000000319556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:01.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47b1114df13633192021-12-17 12:32:01.058root 11241100x8000000000000000319557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:01.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5074551b90d9cc622021-12-17 12:32:01.059root 11241100x8000000000000000319558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:01.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41495b6b9ddba2d82021-12-17 12:32:01.059root 11241100x8000000000000000319559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:01.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ffbfbd2c7abaaf82021-12-17 12:32:01.059root 11241100x8000000000000000319560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:01.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.969a03a4f3d615672021-12-17 12:32:01.059root 11241100x8000000000000000319561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:01.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72c31045a0567df32021-12-17 12:32:01.059root 11241100x8000000000000000319562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:01.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac6257f5cddef7bd2021-12-17 12:32:01.059root 11241100x8000000000000000319563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:01.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34ed7140c8179c232021-12-17 12:32:01.059root 11241100x8000000000000000319564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:01.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cdccd03929e766a2021-12-17 12:32:01.059root 11241100x8000000000000000319565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:01.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bce57bd8bdd0d252021-12-17 12:32:01.060root 11241100x8000000000000000319566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:01.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36e599eb1c688b122021-12-17 12:32:01.060root 11241100x8000000000000000319567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:01.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b40fafe48d25b0e12021-12-17 12:32:01.060root 11241100x8000000000000000319568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:01.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d06aa4a818ab9be2021-12-17 12:32:01.061root 11241100x8000000000000000319569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:01.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b75210eb0f64ed92021-12-17 12:32:01.061root 11241100x8000000000000000319570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:01.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe73440d81cff0942021-12-17 12:32:01.557root 11241100x8000000000000000319571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:01.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13bc4234e55d1c7c2021-12-17 12:32:01.557root 11241100x8000000000000000319572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:01.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a015e4efe90895672021-12-17 12:32:01.557root 11241100x8000000000000000319573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:01.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e51fb79f99820d4d2021-12-17 12:32:01.557root 11241100x8000000000000000319574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:01.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.745495b2a29831e12021-12-17 12:32:01.558root 11241100x8000000000000000319575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:01.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b107c74638afd2ea2021-12-17 12:32:01.558root 11241100x8000000000000000319576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:01.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5787b7cac43bc2002021-12-17 12:32:01.558root 11241100x8000000000000000319577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:01.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.420da5ef8e4a6f902021-12-17 12:32:01.558root 11241100x8000000000000000319578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:01.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88c006a2e4c3dfa32021-12-17 12:32:01.558root 11241100x8000000000000000319579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:01.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac39360daaf2bc6e2021-12-17 12:32:01.558root 11241100x8000000000000000319580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:01.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ea645be34a228bc2021-12-17 12:32:01.558root 11241100x8000000000000000319581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:01.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3429b6f6fd444a02021-12-17 12:32:01.558root 11241100x8000000000000000319582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:01.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc667cce4b8d9aec2021-12-17 12:32:01.558root 11241100x8000000000000000319583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:01.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5b996a984d373a32021-12-17 12:32:01.559root 11241100x8000000000000000319584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:01.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.413e1b92401a34ec2021-12-17 12:32:01.559root 11241100x8000000000000000319585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:01.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.283227f692d2123d2021-12-17 12:32:01.559root 11241100x8000000000000000319586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:01.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc3be52a4b648e3d2021-12-17 12:32:01.559root 11241100x8000000000000000319587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:01.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84bbb329dd241df22021-12-17 12:32:01.559root 11241100x8000000000000000319588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:01.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c17406fa236c39052021-12-17 12:32:01.559root 11241100x8000000000000000319589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:01.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a57997bcdf8e96a42021-12-17 12:32:01.559root 11241100x8000000000000000319590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:01.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.676e4f0c4b8d30f52021-12-17 12:32:01.559root 11241100x8000000000000000319591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:01.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70e1e1f0abf6bc3f2021-12-17 12:32:01.559root 11241100x8000000000000000319592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:01.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76da249a9ff84ab82021-12-17 12:32:01.559root 11241100x8000000000000000319593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:01.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7fcbb5607eca3d72021-12-17 12:32:01.560root 11241100x8000000000000000319594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:01.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d116025c3a7b8cb2021-12-17 12:32:01.560root 11241100x8000000000000000319595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:01.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.834dad8bad45f0e62021-12-17 12:32:01.560root 11241100x8000000000000000319596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:01.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02e76fc52227947e2021-12-17 12:32:01.560root 11241100x8000000000000000319597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:01.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e07d6c566bc4fa52021-12-17 12:32:01.560root 11241100x8000000000000000319598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:02.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaf641ddd5e63d872021-12-17 12:32:02.057root 11241100x8000000000000000319599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:02.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8b964bf8733f2132021-12-17 12:32:02.058root 11241100x8000000000000000319600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:02.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64abb3559448c67b2021-12-17 12:32:02.058root 11241100x8000000000000000319601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:02.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f03936decac2ff242021-12-17 12:32:02.058root 11241100x8000000000000000319602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:02.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.876a6161476e3e5e2021-12-17 12:32:02.058root 11241100x8000000000000000319603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:02.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c23e439a07e1ebc2021-12-17 12:32:02.058root 11241100x8000000000000000319604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:02.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29dd974cbef6d4b02021-12-17 12:32:02.058root 11241100x8000000000000000319605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:02.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81ea3fde420db3c12021-12-17 12:32:02.058root 11241100x8000000000000000319606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:02.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b712eabdfdfd8122021-12-17 12:32:02.059root 11241100x8000000000000000319607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:02.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a800253bebbf08c2021-12-17 12:32:02.059root 11241100x8000000000000000319608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:02.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcd26aca6f0b365b2021-12-17 12:32:02.059root 11241100x8000000000000000319609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:02.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2ec6f6a53b2d7262021-12-17 12:32:02.059root 11241100x8000000000000000319610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:02.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e7d7548eaf7f7792021-12-17 12:32:02.059root 11241100x8000000000000000319611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:02.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5286a4f2d52f5fc2021-12-17 12:32:02.059root 11241100x8000000000000000319612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:02.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3b969a4e90d91ff2021-12-17 12:32:02.059root 11241100x8000000000000000319613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:02.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6978c2d8f362f84d2021-12-17 12:32:02.059root 11241100x8000000000000000319614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:02.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfd45d7a6d87fd682021-12-17 12:32:02.059root 11241100x8000000000000000319615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:02.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b12816ddd47d53052021-12-17 12:32:02.059root 11241100x8000000000000000319616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:02.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89946f908ba2bfe12021-12-17 12:32:02.061root 11241100x8000000000000000319617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:02.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3ea334d3e14234d2021-12-17 12:32:02.061root 11241100x8000000000000000319618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:02.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a7085d6d5a108aa2021-12-17 12:32:02.061root 11241100x8000000000000000319619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:02.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.514ecaf4310d354f2021-12-17 12:32:02.062root 11241100x8000000000000000319620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:02.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.380d7603eae48fd42021-12-17 12:32:02.062root 11241100x8000000000000000319621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:02.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.784de830a884c46e2021-12-17 12:32:02.062root 11241100x8000000000000000319622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:02.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be462fba1cbe76122021-12-17 12:32:02.062root 11241100x8000000000000000319623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:02.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36c76fd68ad374e52021-12-17 12:32:02.062root 11241100x8000000000000000319624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:02.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c110595d5e29b582021-12-17 12:32:02.062root 11241100x8000000000000000319625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:02.063{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.866f1e5630a7cb2f2021-12-17 12:32:02.063root 354300x8000000000000000319626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:02.187{ec28ba6a-70a3-61bc-5175-3a0400000000}5248/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-44522-false10.0.1.12-8000- 11241100x8000000000000000319627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:02.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a13a395308f217632021-12-17 12:32:02.557root 11241100x8000000000000000319628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:02.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ae170f86c973e172021-12-17 12:32:02.557root 11241100x8000000000000000319629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:02.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af7fdcc335b1cdf52021-12-17 12:32:02.558root 11241100x8000000000000000319630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:02.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2740c4347269c4bb2021-12-17 12:32:02.558root 11241100x8000000000000000319631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:02.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b61bd92b9045ced2021-12-17 12:32:02.558root 11241100x8000000000000000319632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:02.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69f990f8a53b81d42021-12-17 12:32:02.558root 11241100x8000000000000000319633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:02.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b939c4df29d91bf32021-12-17 12:32:02.558root 11241100x8000000000000000319634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:02.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bba9b8518612c8a52021-12-17 12:32:02.558root 11241100x8000000000000000319635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:02.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52b0f4aec0b6aa612021-12-17 12:32:02.558root 11241100x8000000000000000319636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:02.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf42e7a342c031822021-12-17 12:32:02.559root 11241100x8000000000000000319637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:02.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c14b083cd913aef82021-12-17 12:32:02.559root 11241100x8000000000000000319638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:02.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.636cd821d1e305792021-12-17 12:32:02.559root 11241100x8000000000000000319639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:02.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a98015ba32cb8d32021-12-17 12:32:02.559root 11241100x8000000000000000319640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:02.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da7e711a742dbd012021-12-17 12:32:02.559root 11241100x8000000000000000319641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:02.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dde3cc12372cfa8f2021-12-17 12:32:02.559root 11241100x8000000000000000319642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:02.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2da91824a62d0bd12021-12-17 12:32:02.559root 11241100x8000000000000000319643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:02.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18753c555245d93d2021-12-17 12:32:02.559root 11241100x8000000000000000319644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:02.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b6246a97dd6a0ed2021-12-17 12:32:02.560root 11241100x8000000000000000319645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:02.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ba8034b1a96ff2f2021-12-17 12:32:02.560root 11241100x8000000000000000319646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:02.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4566bd73bed17ba2021-12-17 12:32:02.560root 11241100x8000000000000000319647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:02.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f2cebc713080f772021-12-17 12:32:02.560root 11241100x8000000000000000319648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:02.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62443b233285c0682021-12-17 12:32:02.560root 11241100x8000000000000000319649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:02.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aafe3de1c1a9e1bb2021-12-17 12:32:02.560root 11241100x8000000000000000319650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:02.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8eaee59bf9b92732021-12-17 12:32:02.560root 11241100x8000000000000000319651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:02.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c162c240afccf3b82021-12-17 12:32:02.560root 11241100x8000000000000000319652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:02.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1076789f9c83ee982021-12-17 12:32:02.560root 11241100x8000000000000000319653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:02.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cc5d0d78b56ddd72021-12-17 12:32:02.561root 11241100x8000000000000000319654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:02.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f4b65a6ce9d5a5e2021-12-17 12:32:02.561root 11241100x8000000000000000319655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:02.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f17fe0a6edb60232021-12-17 12:32:02.561root 11241100x8000000000000000319656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:03.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.851214710d863b982021-12-17 12:32:03.057root 11241100x8000000000000000319657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:03.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4d4985394def3fa2021-12-17 12:32:03.057root 11241100x8000000000000000319658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:03.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f314000a6e63b112021-12-17 12:32:03.057root 11241100x8000000000000000319659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:03.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d51cac1536d346ed2021-12-17 12:32:03.058root 11241100x8000000000000000319660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:03.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2a9b36c707938a52021-12-17 12:32:03.058root 11241100x8000000000000000319661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:03.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b96d0ef72c5ea9632021-12-17 12:32:03.058root 11241100x8000000000000000319662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:03.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea302458d93893612021-12-17 12:32:03.058root 11241100x8000000000000000319663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:03.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f32448bbb3ef30862021-12-17 12:32:03.058root 11241100x8000000000000000319664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:03.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b309a119d0af1fa62021-12-17 12:32:03.058root 11241100x8000000000000000319665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:03.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ef06bcd53bed8462021-12-17 12:32:03.058root 11241100x8000000000000000319666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:03.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f693fae2e2afe5e12021-12-17 12:32:03.058root 11241100x8000000000000000319667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:03.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e5e6fb2551c51832021-12-17 12:32:03.058root 11241100x8000000000000000319668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:03.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03866e5d6975ce382021-12-17 12:32:03.058root 11241100x8000000000000000319669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:03.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3f6c7cb8096cfd12021-12-17 12:32:03.058root 11241100x8000000000000000319670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:03.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f3b0399728279952021-12-17 12:32:03.058root 11241100x8000000000000000319671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:03.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8ef49ca6a8747462021-12-17 12:32:03.058root 11241100x8000000000000000319672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:03.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9a3db3c3f51dc4d2021-12-17 12:32:03.058root 11241100x8000000000000000319673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:03.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75ab5c0a994250d72021-12-17 12:32:03.058root 11241100x8000000000000000319674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:03.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35284815c56cb9b32021-12-17 12:32:03.058root 23542300x8000000000000000319675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:03.059{ec28ba6a-709b-61bc-30d8-78dfe0550000}5175root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000319676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:03.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9e79717cd36181f2021-12-17 12:32:03.059root 11241100x8000000000000000319677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:03.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eba69885ee40a2c42021-12-17 12:32:03.059root 11241100x8000000000000000319678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:03.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b6416976a213fba2021-12-17 12:32:03.059root 11241100x8000000000000000319679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:03.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51a6f8b8448531162021-12-17 12:32:03.059root 11241100x8000000000000000319680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:03.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93f5fb47fbbfda1c2021-12-17 12:32:03.059root 11241100x8000000000000000319681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:03.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.359612b0dc6fd7942021-12-17 12:32:03.059root 11241100x8000000000000000319682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:03.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0e5764292e758652021-12-17 12:32:03.059root 11241100x8000000000000000319683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:03.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e4e9b676815077a2021-12-17 12:32:03.059root 11241100x8000000000000000319684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:03.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cccd7fd02dd6e9ae2021-12-17 12:32:03.059root 11241100x8000000000000000319685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:03.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f799c0ba3c67a07a2021-12-17 12:32:03.059root 11241100x8000000000000000319686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:03.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.493cb8e9403cb4c82021-12-17 12:32:03.557root 11241100x8000000000000000319687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:03.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b58e5bd42cc86df32021-12-17 12:32:03.557root 11241100x8000000000000000319688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:03.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e85d21986b2de56f2021-12-17 12:32:03.558root 11241100x8000000000000000319689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:03.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65729fcad22072662021-12-17 12:32:03.558root 11241100x8000000000000000319690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:03.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5745143b8826f48b2021-12-17 12:32:03.558root 11241100x8000000000000000319691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:03.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b65c7534d493dfc52021-12-17 12:32:03.558root 11241100x8000000000000000319692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:03.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57341ed0b37d0e792021-12-17 12:32:03.558root 11241100x8000000000000000319693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:03.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15619a38728bce342021-12-17 12:32:03.558root 11241100x8000000000000000319694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:03.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e9fed9c2b136ac22021-12-17 12:32:03.558root 11241100x8000000000000000319695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:03.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bae7a4e03a2a52ca2021-12-17 12:32:03.558root 11241100x8000000000000000319696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:03.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed44e23bc133bedd2021-12-17 12:32:03.558root 11241100x8000000000000000319697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:03.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d6b315320e5be6d2021-12-17 12:32:03.559root 11241100x8000000000000000319698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:03.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6881d7ad7dcf70602021-12-17 12:32:03.559root 11241100x8000000000000000319699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:03.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.094bc70a5b8ac8eb2021-12-17 12:32:03.559root 11241100x8000000000000000319700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:03.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f034af45553a6ab82021-12-17 12:32:03.559root 11241100x8000000000000000319701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:03.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39cd41806b9ba5032021-12-17 12:32:03.559root 11241100x8000000000000000319702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:03.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58e58928239cb71e2021-12-17 12:32:03.559root 11241100x8000000000000000319703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:03.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56528028a31d99b42021-12-17 12:32:03.559root 11241100x8000000000000000319704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:03.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94048b14bf017dbf2021-12-17 12:32:03.559root 11241100x8000000000000000319705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:03.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ac035b667a46c372021-12-17 12:32:03.559root 11241100x8000000000000000319706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:03.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd990c2d3e9e88632021-12-17 12:32:03.559root 11241100x8000000000000000319707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:03.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f08374eee542de4b2021-12-17 12:32:03.559root 11241100x8000000000000000319708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:03.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50c36ac413e877ec2021-12-17 12:32:03.559root 11241100x8000000000000000319709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:03.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b5129102f0be38b2021-12-17 12:32:03.559root 11241100x8000000000000000319710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:03.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.512ed726dee7ae482021-12-17 12:32:03.559root 11241100x8000000000000000319711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:03.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07ffbb23ec2f96f52021-12-17 12:32:03.560root 11241100x8000000000000000319712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:03.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d84438e924d95ae2021-12-17 12:32:03.560root 11241100x8000000000000000319713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:03.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e69ee7de544e68892021-12-17 12:32:03.560root 11241100x8000000000000000319714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:03.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c81fd4faca8644922021-12-17 12:32:03.560root 11241100x8000000000000000319715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:03.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27c7fac8989ddb572021-12-17 12:32:03.560root 11241100x8000000000000000319716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:04.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bd8ccdb0a150f482021-12-17 12:32:04.057root 11241100x8000000000000000319717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:04.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cec946d4f7a8e0b72021-12-17 12:32:04.057root 11241100x8000000000000000319718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:04.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66785e84cb22082b2021-12-17 12:32:04.057root 11241100x8000000000000000319719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:04.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8349c2376c89e3c82021-12-17 12:32:04.057root 11241100x8000000000000000319720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:04.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ba0c9c8b0c0fabe2021-12-17 12:32:04.058root 11241100x8000000000000000319721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:04.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dec4df4707ba96d2021-12-17 12:32:04.058root 11241100x8000000000000000319722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:04.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c296749d7469ced2021-12-17 12:32:04.058root 11241100x8000000000000000319723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:04.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc063f3300b42d852021-12-17 12:32:04.058root 11241100x8000000000000000319724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:04.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee09b7c8907494912021-12-17 12:32:04.058root 11241100x8000000000000000319725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:04.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c450c2be89c22b072021-12-17 12:32:04.058root 11241100x8000000000000000319726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:04.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fe3c57a339c71c72021-12-17 12:32:04.058root 11241100x8000000000000000319727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:04.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d64802fcb37f78c72021-12-17 12:32:04.058root 11241100x8000000000000000319728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:04.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ac9f4653a99e2872021-12-17 12:32:04.058root 11241100x8000000000000000319729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:04.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.844aad96f341da012021-12-17 12:32:04.058root 11241100x8000000000000000319730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:04.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddfeffdb6df5ee1a2021-12-17 12:32:04.058root 11241100x8000000000000000319731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:04.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5fe21100c97ee5a2021-12-17 12:32:04.058root 11241100x8000000000000000319732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:04.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74263a03063e6f7d2021-12-17 12:32:04.059root 11241100x8000000000000000319733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:04.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16ec5a1c5989c04a2021-12-17 12:32:04.059root 11241100x8000000000000000319734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:04.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.450d70af081949d82021-12-17 12:32:04.059root 11241100x8000000000000000319735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:04.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30aa6fdc53d1f5992021-12-17 12:32:04.059root 11241100x8000000000000000319736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:04.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32688a2dd0798c7b2021-12-17 12:32:04.059root 11241100x8000000000000000319737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:04.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3842ca11458479092021-12-17 12:32:04.059root 11241100x8000000000000000319738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:04.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e99c28be5fe035842021-12-17 12:32:04.059root 11241100x8000000000000000319739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:04.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2830a6bb23a2498f2021-12-17 12:32:04.059root 11241100x8000000000000000319740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:04.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb414a562340c4302021-12-17 12:32:04.059root 11241100x8000000000000000319741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:04.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6996adcd253541072021-12-17 12:32:04.059root 11241100x8000000000000000319742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:04.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e95fc044d72ef0f2021-12-17 12:32:04.059root 11241100x8000000000000000319743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:04.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc1f829953b63ac92021-12-17 12:32:04.059root 11241100x8000000000000000319744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:04.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b301681d1a1513e12021-12-17 12:32:04.059root 11241100x8000000000000000319745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:04.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.628a3469d460c01d2021-12-17 12:32:04.060root 11241100x8000000000000000319746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:04.556{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.616e62df308597de2021-12-17 12:32:04.556root 11241100x8000000000000000319747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:04.556{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62ccccdeccbd5fce2021-12-17 12:32:04.556root 11241100x8000000000000000319748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:04.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83d4a31af17056dc2021-12-17 12:32:04.557root 11241100x8000000000000000319749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:04.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b49680f64a5b20152021-12-17 12:32:04.557root 11241100x8000000000000000319750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:04.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.099c8763019958be2021-12-17 12:32:04.557root 11241100x8000000000000000319751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:04.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11dc0a48580263402021-12-17 12:32:04.557root 11241100x8000000000000000319752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:04.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22fd8353169c79372021-12-17 12:32:04.557root 11241100x8000000000000000319753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:04.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e8b80bc794533aa2021-12-17 12:32:04.557root 11241100x8000000000000000319754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:04.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e1f5aca81666afb2021-12-17 12:32:04.557root 11241100x8000000000000000319755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:04.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ec6280cdbca12872021-12-17 12:32:04.557root 11241100x8000000000000000319756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:04.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.952fec934b97f3392021-12-17 12:32:04.557root 11241100x8000000000000000319757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:04.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29faad990f5d29f12021-12-17 12:32:04.557root 11241100x8000000000000000319758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:04.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a28058a8dfa1abb32021-12-17 12:32:04.557root 11241100x8000000000000000319759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:04.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a94f6d077767f8d72021-12-17 12:32:04.557root 11241100x8000000000000000319760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:04.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d77c2fc6476736a2021-12-17 12:32:04.557root 11241100x8000000000000000319761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:04.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a1db469a2fbdeb82021-12-17 12:32:04.557root 11241100x8000000000000000319762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:04.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11a4bb24d71db7482021-12-17 12:32:04.557root 11241100x8000000000000000319763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:04.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c441a3548bc28f392021-12-17 12:32:04.557root 11241100x8000000000000000319764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:04.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26803250068d735e2021-12-17 12:32:04.558root 11241100x8000000000000000319765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:04.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f67b2adc54cda6e2021-12-17 12:32:04.558root 11241100x8000000000000000319766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:04.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.373ed8fd83a0e08a2021-12-17 12:32:04.558root 11241100x8000000000000000319767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:04.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9ea060c057c3a382021-12-17 12:32:04.558root 11241100x8000000000000000319768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:04.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87b4f1bbc200b3c12021-12-17 12:32:04.558root 11241100x8000000000000000319769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:04.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3de476330feaa5352021-12-17 12:32:04.558root 11241100x8000000000000000319770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:04.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79868ce5d3ebd0752021-12-17 12:32:04.558root 11241100x8000000000000000319771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:04.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a59d0a4a2a579dd72021-12-17 12:32:04.558root 11241100x8000000000000000319772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:04.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9be76dabfa6a30e2021-12-17 12:32:04.558root 11241100x8000000000000000319773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:04.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e522da74d504d5be2021-12-17 12:32:04.558root 11241100x8000000000000000319774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:04.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f55e7462f5158152021-12-17 12:32:04.558root 11241100x8000000000000000319775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:04.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7c2d57f3c5c6bbf2021-12-17 12:32:04.558root 11241100x8000000000000000319776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:04.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ee295b60129bf8a2021-12-17 12:32:04.559root 11241100x8000000000000000319777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:04.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5c851d4ed35564b2021-12-17 12:32:04.559root 11241100x8000000000000000319778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:04.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a3745ca12d3e6412021-12-17 12:32:04.559root 11241100x8000000000000000319779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:04.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e775b8e0c1fbeab42021-12-17 12:32:04.559root 11241100x8000000000000000319780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:04.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.853b359694306aa12021-12-17 12:32:04.559root 11241100x8000000000000000319781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:04.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfa826e451295a562021-12-17 12:32:04.559root 11241100x8000000000000000319782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:04.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fc97840d441c3c12021-12-17 12:32:04.559root 11241100x8000000000000000319783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:04.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.633794d4885d927c2021-12-17 12:32:04.559root 11241100x8000000000000000319784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:04.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b096d40ddbd498e2021-12-17 12:32:04.559root 11241100x8000000000000000319785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:04.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e21f4eec5bf083552021-12-17 12:32:04.559root 11241100x8000000000000000319786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:04.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd044d6fb4765d752021-12-17 12:32:04.559root 11241100x8000000000000000319787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:04.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.119ec8fa1e76f7a22021-12-17 12:32:04.560root 11241100x8000000000000000319788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:04.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db38cb9dc9f802c62021-12-17 12:32:04.560root 11241100x8000000000000000319789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:05.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40a063044bd4a82c2021-12-17 12:32:05.057root 11241100x8000000000000000319790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:05.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6c31a407eaa2fcc2021-12-17 12:32:05.057root 11241100x8000000000000000319791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:05.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d1ea4259f16d6062021-12-17 12:32:05.058root 11241100x8000000000000000319792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:05.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.408e67f6c39e1fdf2021-12-17 12:32:05.058root 11241100x8000000000000000319793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:05.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4599838c2ab5afa2021-12-17 12:32:05.058root 11241100x8000000000000000319794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:05.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1767ed74eff68f42021-12-17 12:32:05.058root 11241100x8000000000000000319795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:05.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.625e7a5c4cd3aa202021-12-17 12:32:05.058root 11241100x8000000000000000319796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:05.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18a7bf83789b03a22021-12-17 12:32:05.058root 11241100x8000000000000000319797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:05.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bee20d1f496219d2021-12-17 12:32:05.058root 11241100x8000000000000000319798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:05.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fec38fc4365eea6a2021-12-17 12:32:05.058root 11241100x8000000000000000319799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:05.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7d9588589c2d27c2021-12-17 12:32:05.058root 11241100x8000000000000000319800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:05.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb4b5181d67d3fe22021-12-17 12:32:05.058root 11241100x8000000000000000319801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:05.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88388601a08baa4e2021-12-17 12:32:05.058root 11241100x8000000000000000319802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:05.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9df4e94ce44721132021-12-17 12:32:05.058root 11241100x8000000000000000319803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:05.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b91e9077ef2eb052021-12-17 12:32:05.059root 11241100x8000000000000000319804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:05.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aadfe035c7d64d392021-12-17 12:32:05.059root 11241100x8000000000000000319805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:05.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.127c62d2aaff42712021-12-17 12:32:05.059root 11241100x8000000000000000319806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:05.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2bbd18f9fcb74fb2021-12-17 12:32:05.059root 11241100x8000000000000000319807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:05.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ada6c9bdb053cec02021-12-17 12:32:05.059root 11241100x8000000000000000319808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:05.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ad75e7289107cd42021-12-17 12:32:05.059root 11241100x8000000000000000319809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:05.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b305854c2e941ecd2021-12-17 12:32:05.059root 11241100x8000000000000000319810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:05.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93ccc305784ca5d62021-12-17 12:32:05.059root 11241100x8000000000000000319811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:05.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1b10a6002d519952021-12-17 12:32:05.059root 11241100x8000000000000000319812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:05.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bac457b2096a99642021-12-17 12:32:05.059root 11241100x8000000000000000319813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:05.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e53e842dd02a02352021-12-17 12:32:05.059root 11241100x8000000000000000319814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:05.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.621fffea2b2f03042021-12-17 12:32:05.059root 11241100x8000000000000000319815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:05.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5fe013a5ad48ded2021-12-17 12:32:05.059root 11241100x8000000000000000319816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:05.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.788683d42b3b60f42021-12-17 12:32:05.059root 11241100x8000000000000000319817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:05.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43fd96aa4796ddd72021-12-17 12:32:05.060root 11241100x8000000000000000319818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:05.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e9b8149ce7515422021-12-17 12:32:05.060root 11241100x8000000000000000319819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:05.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd751c1f7ce2814a2021-12-17 12:32:05.557root 11241100x8000000000000000319820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:05.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.721eb63a82de2d5c2021-12-17 12:32:05.557root 11241100x8000000000000000319821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:05.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0f30046b76870072021-12-17 12:32:05.557root 11241100x8000000000000000319822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:05.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3c859dfa51421b62021-12-17 12:32:05.558root 11241100x8000000000000000319823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:05.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d95f20342f525932021-12-17 12:32:05.558root 11241100x8000000000000000319824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:05.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f909531c7f923682021-12-17 12:32:05.558root 11241100x8000000000000000319825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:05.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46180e0ff9e2d0912021-12-17 12:32:05.558root 11241100x8000000000000000319826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:05.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.272e8057afc05dae2021-12-17 12:32:05.558root 11241100x8000000000000000319827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:05.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eab2b88c45601222021-12-17 12:32:05.558root 11241100x8000000000000000319828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:05.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fc6c54fc01f3f182021-12-17 12:32:05.558root 11241100x8000000000000000319829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:05.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cbd0632d94b1fd32021-12-17 12:32:05.558root 11241100x8000000000000000319830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:05.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.092539ebb8b486ed2021-12-17 12:32:05.558root 11241100x8000000000000000319831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:05.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12dd28a1d98449132021-12-17 12:32:05.558root 11241100x8000000000000000319832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:05.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bce042fda02bab02021-12-17 12:32:05.558root 11241100x8000000000000000319833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:05.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbaa1e2e1f8607902021-12-17 12:32:05.559root 11241100x8000000000000000319834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:05.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1986d46c6c0a991f2021-12-17 12:32:05.559root 11241100x8000000000000000319835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:05.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb5fa417bae5f0282021-12-17 12:32:05.559root 11241100x8000000000000000319836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:05.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07daff42b4a679352021-12-17 12:32:05.559root 11241100x8000000000000000319837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:05.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.713ee0eda32931ae2021-12-17 12:32:05.559root 11241100x8000000000000000319838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:05.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89f82dd7a658fce62021-12-17 12:32:05.559root 11241100x8000000000000000319839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:05.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.496b5d3856221a102021-12-17 12:32:05.559root 11241100x8000000000000000319840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:05.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5d8af9c6666c7d02021-12-17 12:32:05.559root 11241100x8000000000000000319841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:05.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3bfeb3946caf9252021-12-17 12:32:05.559root 11241100x8000000000000000319842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:05.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1b75ec9ee4af5602021-12-17 12:32:05.559root 11241100x8000000000000000319843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:05.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.767f1013475b61282021-12-17 12:32:05.559root 11241100x8000000000000000319844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:05.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24ebdcf80d3c00bb2021-12-17 12:32:05.559root 11241100x8000000000000000319845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:05.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2758c6ec6ae81712021-12-17 12:32:05.559root 11241100x8000000000000000319846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:05.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61a363cc3d55f0e92021-12-17 12:32:05.559root 11241100x8000000000000000319847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:05.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d10c837743e186092021-12-17 12:32:05.559root 11241100x8000000000000000319848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:05.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0c1621be4c96aa52021-12-17 12:32:05.559root 11241100x8000000000000000319849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:06.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0089a1b08309e7e2021-12-17 12:32:06.057root 11241100x8000000000000000319850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:06.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3ad73084ed8779d2021-12-17 12:32:06.057root 11241100x8000000000000000319851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:06.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b51772b091218b642021-12-17 12:32:06.058root 11241100x8000000000000000319852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:06.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8481883f0316105d2021-12-17 12:32:06.058root 11241100x8000000000000000319853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:06.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1b693b9bdd95dc52021-12-17 12:32:06.058root 11241100x8000000000000000319854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:06.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8e3c13891a7b6a12021-12-17 12:32:06.058root 11241100x8000000000000000319855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:06.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.240fb6063a4cbb682021-12-17 12:32:06.058root 11241100x8000000000000000319856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:06.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb77c68f412fe43e2021-12-17 12:32:06.058root 11241100x8000000000000000319857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:06.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b57f024db2d1f3b72021-12-17 12:32:06.058root 11241100x8000000000000000319858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:06.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b35d2e1ff6a950512021-12-17 12:32:06.058root 11241100x8000000000000000319859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:06.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e9575908e74a3d02021-12-17 12:32:06.058root 11241100x8000000000000000319860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:06.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c97c29c12ee40d62021-12-17 12:32:06.058root 11241100x8000000000000000319861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:06.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe10f10f4427dae12021-12-17 12:32:06.058root 11241100x8000000000000000319862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:06.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9197cddd6a9f1ddd2021-12-17 12:32:06.058root 11241100x8000000000000000319863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:06.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdb79bfaa16793322021-12-17 12:32:06.058root 11241100x8000000000000000319864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:06.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6991af5a4ea3c782021-12-17 12:32:06.058root 11241100x8000000000000000319865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:06.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfab89cd4864b4c32021-12-17 12:32:06.059root 11241100x8000000000000000319866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:06.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d63f7f2de4adc1f02021-12-17 12:32:06.059root 11241100x8000000000000000319867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:06.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66a2449c298e190f2021-12-17 12:32:06.059root 11241100x8000000000000000319868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:06.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbe322c1c81142b82021-12-17 12:32:06.059root 11241100x8000000000000000319869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:06.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f029a79fe7fa1562021-12-17 12:32:06.059root 11241100x8000000000000000319870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:06.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cf42d7d72aaef702021-12-17 12:32:06.059root 11241100x8000000000000000319871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:06.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68d7f544c47a6aaf2021-12-17 12:32:06.059root 11241100x8000000000000000319872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:06.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a78bd5543432f7ab2021-12-17 12:32:06.059root 11241100x8000000000000000319873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:06.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d20a509439c64d52021-12-17 12:32:06.059root 11241100x8000000000000000319874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:06.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0356fdcdac5f26602021-12-17 12:32:06.060root 11241100x8000000000000000319875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:06.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5825fb8cbc0bedf32021-12-17 12:32:06.060root 11241100x8000000000000000319876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:06.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c109410c5a3d58dc2021-12-17 12:32:06.060root 11241100x8000000000000000319877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:06.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f70490cfbff82de2021-12-17 12:32:06.060root 11241100x8000000000000000319878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:06.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.565cfa88fb68a39d2021-12-17 12:32:06.060root 11241100x8000000000000000319879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:06.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9be12e917a98cfe62021-12-17 12:32:06.557root 11241100x8000000000000000319880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:06.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da960b171193cdfe2021-12-17 12:32:06.558root 11241100x8000000000000000319881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:06.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9e37402529fbbe62021-12-17 12:32:06.558root 11241100x8000000000000000319882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:06.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae8cf4197243fd7e2021-12-17 12:32:06.558root 11241100x8000000000000000319883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:06.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa4decf6d0c9cb8b2021-12-17 12:32:06.558root 11241100x8000000000000000319884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:06.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fedc5a34c2f76b262021-12-17 12:32:06.558root 11241100x8000000000000000319885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:06.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.856cf11126df75d22021-12-17 12:32:06.558root 11241100x8000000000000000319886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:06.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb0f4ee704b0a4e42021-12-17 12:32:06.558root 11241100x8000000000000000319887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:06.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d16ccf1aaa6146b02021-12-17 12:32:06.558root 11241100x8000000000000000319888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:06.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c398c4448fc079f2021-12-17 12:32:06.558root 11241100x8000000000000000319889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:06.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.449f97edcdd3f1612021-12-17 12:32:06.558root 11241100x8000000000000000319890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:06.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a6946ef045b35d02021-12-17 12:32:06.558root 11241100x8000000000000000319891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:06.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb00df18e76f95022021-12-17 12:32:06.558root 11241100x8000000000000000319892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:06.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78612811bbc2aad82021-12-17 12:32:06.558root 11241100x8000000000000000319893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:06.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.767ebbac4dc5d0fd2021-12-17 12:32:06.558root 11241100x8000000000000000319894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:06.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2331f44aeb2878bf2021-12-17 12:32:06.558root 11241100x8000000000000000319895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:06.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6899e0dc9e5187242021-12-17 12:32:06.559root 11241100x8000000000000000319896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:06.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c370c04236bef5722021-12-17 12:32:06.559root 11241100x8000000000000000319897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:06.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ea3a3b4b5c3c8032021-12-17 12:32:06.559root 11241100x8000000000000000319898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:06.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f112e373e87a722d2021-12-17 12:32:06.559root 11241100x8000000000000000319899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:06.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1b6cc7d5b7ff3982021-12-17 12:32:06.559root 11241100x8000000000000000319900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:06.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10ed97e94d45a2f62021-12-17 12:32:06.559root 11241100x8000000000000000319901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:06.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2670208f0ad3fd4e2021-12-17 12:32:06.559root 11241100x8000000000000000319902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:06.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92011cd9fc4228b02021-12-17 12:32:06.559root 11241100x8000000000000000319903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:06.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.603b74dfd23a43d82021-12-17 12:32:06.559root 11241100x8000000000000000319904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:06.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bed8d8a89f64f232021-12-17 12:32:06.559root 11241100x8000000000000000319905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:06.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9d1a8e073312fb12021-12-17 12:32:06.559root 11241100x8000000000000000319906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:06.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e01c2ab6b4ca2dd82021-12-17 12:32:06.559root 11241100x8000000000000000319907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:06.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05affd4afba684422021-12-17 12:32:06.559root 11241100x8000000000000000319908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:06.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a6435de1d2465102021-12-17 12:32:06.559root 11241100x8000000000000000319909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:07.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78acae926ba598272021-12-17 12:32:07.057root 11241100x8000000000000000319910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:07.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2251b80739bb82592021-12-17 12:32:07.057root 11241100x8000000000000000319911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:07.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51bb0c2ceb6737fd2021-12-17 12:32:07.058root 11241100x8000000000000000319912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:07.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a27927c3ab5ae9802021-12-17 12:32:07.058root 11241100x8000000000000000319913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:07.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57a6042b233948222021-12-17 12:32:07.058root 11241100x8000000000000000319914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:07.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d81734a964a4b7a92021-12-17 12:32:07.058root 11241100x8000000000000000319915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:07.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d1fd8c199f9fa602021-12-17 12:32:07.058root 11241100x8000000000000000319916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:07.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d84f233f83767432021-12-17 12:32:07.058root 11241100x8000000000000000319917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:07.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6d9c416c73c7ee52021-12-17 12:32:07.058root 11241100x8000000000000000319918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:07.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.502d96b25235fb7f2021-12-17 12:32:07.058root 11241100x8000000000000000319919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:07.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf7d124ee05b5da62021-12-17 12:32:07.058root 11241100x8000000000000000319920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:07.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b67756cd67535c32021-12-17 12:32:07.058root 11241100x8000000000000000319921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:07.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b0f891a10d5d3b82021-12-17 12:32:07.059root 11241100x8000000000000000319922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:07.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0e017fbe05424cc2021-12-17 12:32:07.059root 11241100x8000000000000000319923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:07.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d34d09029c5adac22021-12-17 12:32:07.059root 11241100x8000000000000000319924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:07.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf4ecbf9cea807602021-12-17 12:32:07.060root 11241100x8000000000000000319925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:07.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea670724e781fb6b2021-12-17 12:32:07.060root 11241100x8000000000000000319926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:07.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42eec80fa8a1a7db2021-12-17 12:32:07.060root 11241100x8000000000000000319927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:07.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4295e07934ac1f492021-12-17 12:32:07.060root 11241100x8000000000000000319928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:07.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aac49209295072692021-12-17 12:32:07.060root 11241100x8000000000000000319929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:07.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.201fff886ef0a47c2021-12-17 12:32:07.061root 11241100x8000000000000000319930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:07.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efcf268ee090ba872021-12-17 12:32:07.061root 11241100x8000000000000000319931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:07.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19aaf28c6e341c922021-12-17 12:32:07.061root 11241100x8000000000000000319932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:07.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc53c3efccd641a22021-12-17 12:32:07.061root 11241100x8000000000000000319933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:07.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f49e4dcbde53956b2021-12-17 12:32:07.061root 11241100x8000000000000000319934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:07.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.825f77086eb06f432021-12-17 12:32:07.061root 11241100x8000000000000000319935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:07.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a094c5b0f6321ce62021-12-17 12:32:07.061root 11241100x8000000000000000319936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:07.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c4843eda514a6692021-12-17 12:32:07.062root 11241100x8000000000000000319937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:07.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63a56eaf56a8bc482021-12-17 12:32:07.062root 11241100x8000000000000000319938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:07.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c21b0f882c8b4702021-12-17 12:32:07.062root 11241100x8000000000000000319939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:07.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92d401b6e915fd672021-12-17 12:32:07.557root 11241100x8000000000000000319940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:07.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.427b5f9de6d9b7d22021-12-17 12:32:07.557root 11241100x8000000000000000319941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:07.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46630675143a3cc02021-12-17 12:32:07.558root 11241100x8000000000000000319942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:07.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e3b64f00206e6eb2021-12-17 12:32:07.558root 11241100x8000000000000000319943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:07.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26ae2c5a9f6d7add2021-12-17 12:32:07.558root 11241100x8000000000000000319944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:07.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c09817298c1e03f2021-12-17 12:32:07.558root 11241100x8000000000000000319945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:07.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80ffa323de584a382021-12-17 12:32:07.558root 11241100x8000000000000000319946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:07.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ebd3ccdb05e97cd2021-12-17 12:32:07.558root 11241100x8000000000000000319947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:07.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b4fd67e87f1fba42021-12-17 12:32:07.558root 11241100x8000000000000000319948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:07.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d79144959d7dd982021-12-17 12:32:07.558root 11241100x8000000000000000319949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:07.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6355722f782a0a22021-12-17 12:32:07.558root 11241100x8000000000000000319950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:07.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.432bd611ce4fb5c72021-12-17 12:32:07.558root 11241100x8000000000000000319951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:07.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a490101b7e9b0a92021-12-17 12:32:07.558root 11241100x8000000000000000319952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:07.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a9defbb898a464d2021-12-17 12:32:07.558root 11241100x8000000000000000319953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:07.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08771ec6b3d942f72021-12-17 12:32:07.558root 11241100x8000000000000000319954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:07.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4ac78ba9eef8eca2021-12-17 12:32:07.559root 11241100x8000000000000000319955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:07.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00e5b72c755aaeaa2021-12-17 12:32:07.559root 11241100x8000000000000000319956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:07.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cab31b46eb3eb4e2021-12-17 12:32:07.559root 11241100x8000000000000000319957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:07.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b679de8e6b42a29b2021-12-17 12:32:07.559root 11241100x8000000000000000319958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:07.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83795d5dab5e95792021-12-17 12:32:07.559root 11241100x8000000000000000319959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:07.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbcd841ccf9f64e72021-12-17 12:32:07.559root 11241100x8000000000000000319960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:07.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1fb384566083bc82021-12-17 12:32:07.559root 11241100x8000000000000000319961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:07.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e02b8365d1975b9c2021-12-17 12:32:07.559root 11241100x8000000000000000319962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:07.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1f0661e34e117a52021-12-17 12:32:07.560root 11241100x8000000000000000319963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:07.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2cb34ef7c036f712021-12-17 12:32:07.560root 11241100x8000000000000000319964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:07.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4af101a40410c6862021-12-17 12:32:07.560root 11241100x8000000000000000319965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:07.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdc76bd5a298a1ca2021-12-17 12:32:07.560root 11241100x8000000000000000319966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:07.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7274619f696ffaf12021-12-17 12:32:07.560root 11241100x8000000000000000319967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:07.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6206c274f2befb7b2021-12-17 12:32:07.560root 11241100x8000000000000000319968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:07.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c184f10ebf7c50202021-12-17 12:32:07.560root 11241100x8000000000000000319969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:08.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.244e6c5ee62163ed2021-12-17 12:32:08.057root 11241100x8000000000000000319970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:08.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b03e4477a8232e82021-12-17 12:32:08.057root 11241100x8000000000000000319971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:08.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94d15d5274a223242021-12-17 12:32:08.058root 11241100x8000000000000000319972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:08.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad9fefd648acd5b92021-12-17 12:32:08.058root 11241100x8000000000000000319973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:08.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4b7f8a1e42150512021-12-17 12:32:08.058root 11241100x8000000000000000319974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:08.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fd321d1d8f5c2112021-12-17 12:32:08.058root 11241100x8000000000000000319975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:08.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6a7baeab2f2f18f2021-12-17 12:32:08.058root 11241100x8000000000000000319976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:08.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c19cd9e966f3f89c2021-12-17 12:32:08.058root 11241100x8000000000000000319977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:08.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.345b86076638b5ec2021-12-17 12:32:08.058root 11241100x8000000000000000319978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:08.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa2d8851bb9a36042021-12-17 12:32:08.058root 11241100x8000000000000000319979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:08.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14ec5c04bf75ecd22021-12-17 12:32:08.058root 11241100x8000000000000000319980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:08.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.decb406beef912712021-12-17 12:32:08.058root 11241100x8000000000000000319981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:08.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50df5baa3cee1f3c2021-12-17 12:32:08.058root 11241100x8000000000000000319982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:08.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2888fdf3c3db02062021-12-17 12:32:08.058root 11241100x8000000000000000319983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:08.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93bebb5537b46fa92021-12-17 12:32:08.058root 11241100x8000000000000000319984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:08.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83b3811382059d062021-12-17 12:32:08.058root 11241100x8000000000000000319985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:08.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d77ec6a03e766c962021-12-17 12:32:08.059root 11241100x8000000000000000319986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:08.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4069090bc1e14ee62021-12-17 12:32:08.059root 11241100x8000000000000000319987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:08.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8deac9e3a25c80252021-12-17 12:32:08.059root 11241100x8000000000000000319988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:08.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f40f52cfe3c08d472021-12-17 12:32:08.059root 11241100x8000000000000000319989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:08.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7675a44390b2af402021-12-17 12:32:08.059root 11241100x8000000000000000319990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:08.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44f774965859eb6f2021-12-17 12:32:08.059root 11241100x8000000000000000319991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:08.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a02b0ffbe7af3abd2021-12-17 12:32:08.059root 11241100x8000000000000000319992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:08.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.532ea2ef9a11429c2021-12-17 12:32:08.059root 11241100x8000000000000000319993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:08.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2f6402a8fc235e82021-12-17 12:32:08.059root 11241100x8000000000000000319994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:08.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb6a61ac8faed32d2021-12-17 12:32:08.059root 11241100x8000000000000000319995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:08.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e7e8ed4c98e74e92021-12-17 12:32:08.059root 11241100x8000000000000000319996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:08.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da1e6f890f186e072021-12-17 12:32:08.059root 11241100x8000000000000000319997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:08.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d093e1dcdbd24a02021-12-17 12:32:08.059root 11241100x8000000000000000319998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:08.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7032467cf5430942021-12-17 12:32:08.059root 354300x8000000000000000319999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:08.154{ec28ba6a-70a3-61bc-5175-3a0400000000}5248/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-44524-false10.0.1.12-8000- 11241100x8000000000000000320000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:08.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aafc0334329c5f52021-12-17 12:32:08.557root 11241100x8000000000000000320001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:08.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2165c28c7a300a282021-12-17 12:32:08.557root 11241100x8000000000000000320002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:08.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22724fa949fa66a52021-12-17 12:32:08.558root 11241100x8000000000000000320003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:08.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7946f24d29801ea2021-12-17 12:32:08.558root 11241100x8000000000000000320004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:08.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1429ea76ff0b37a2021-12-17 12:32:08.558root 11241100x8000000000000000320005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:08.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a06f71b7c876a572021-12-17 12:32:08.558root 11241100x8000000000000000320006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:08.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56da125c719919662021-12-17 12:32:08.558root 11241100x8000000000000000320007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:08.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af676b28c41fd1082021-12-17 12:32:08.558root 11241100x8000000000000000320008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:08.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66371c7442f4c6b82021-12-17 12:32:08.558root 11241100x8000000000000000320009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:08.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed625905e23519b72021-12-17 12:32:08.558root 11241100x8000000000000000320010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:08.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fb3e45ba5ecaa232021-12-17 12:32:08.558root 11241100x8000000000000000320011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:08.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.889493625d9bae022021-12-17 12:32:08.558root 11241100x8000000000000000320012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:08.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0fbb1aeb2bade2a2021-12-17 12:32:08.558root 11241100x8000000000000000320013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:08.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.174760271b9cb7e82021-12-17 12:32:08.558root 11241100x8000000000000000320014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:08.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7465a94465dd36c2021-12-17 12:32:08.558root 11241100x8000000000000000320015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:08.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c10fd5067a6bb1a2021-12-17 12:32:08.559root 11241100x8000000000000000320016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:08.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.483aed33a09636c12021-12-17 12:32:08.559root 11241100x8000000000000000320017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:08.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1b4e5e61dbeeba22021-12-17 12:32:08.559root 11241100x8000000000000000320018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:08.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0144932511a50ed22021-12-17 12:32:08.559root 11241100x8000000000000000320019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:08.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ae20b2e11e701822021-12-17 12:32:08.559root 11241100x8000000000000000320020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:08.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9f3a640fa2cfe292021-12-17 12:32:08.559root 11241100x8000000000000000320021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:08.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.817fd9b8f495f45a2021-12-17 12:32:08.559root 11241100x8000000000000000320022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:08.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c376454602bc642d2021-12-17 12:32:08.559root 11241100x8000000000000000320023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:08.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cd9334aa3654b472021-12-17 12:32:08.559root 11241100x8000000000000000320024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:08.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca7dfb756255bf8f2021-12-17 12:32:08.559root 11241100x8000000000000000320025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:08.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cb1bd1974aa627b2021-12-17 12:32:08.559root 11241100x8000000000000000320026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:08.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f01cac960582c0452021-12-17 12:32:08.559root 11241100x8000000000000000320027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:08.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e081e5e7b79580582021-12-17 12:32:08.559root 11241100x8000000000000000320028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:08.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bf7d56dbf3b7c562021-12-17 12:32:08.560root 11241100x8000000000000000320029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:08.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7f98c014641e2042021-12-17 12:32:08.560root 11241100x8000000000000000320030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:08.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cface10da64c8232021-12-17 12:32:08.560root 11241100x8000000000000000320031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:09.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4338b91776be3a3d2021-12-17 12:32:09.057root 11241100x8000000000000000320032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:09.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b7a22a688bf4a252021-12-17 12:32:09.057root 11241100x8000000000000000320033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:09.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18f6479c7a2e97c32021-12-17 12:32:09.058root 11241100x8000000000000000320034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:09.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aac31ae0bc1096502021-12-17 12:32:09.058root 11241100x8000000000000000320035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:09.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6938937ec547af862021-12-17 12:32:09.058root 11241100x8000000000000000320036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:09.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24bc22a0622dc1d92021-12-17 12:32:09.058root 11241100x8000000000000000320037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:09.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c466d1a15e834a842021-12-17 12:32:09.058root 11241100x8000000000000000320038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:09.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.242f75b3fd31b39a2021-12-17 12:32:09.058root 11241100x8000000000000000320039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:09.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1505db39fe2fd0382021-12-17 12:32:09.058root 11241100x8000000000000000320040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:09.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44ca730f128ba21a2021-12-17 12:32:09.058root 11241100x8000000000000000320041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:09.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6a07a7aa8471aa82021-12-17 12:32:09.058root 11241100x8000000000000000320042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:09.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b631412a6441bd12021-12-17 12:32:09.058root 11241100x8000000000000000320043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:09.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24f01c419c3fce382021-12-17 12:32:09.058root 11241100x8000000000000000320044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:09.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48feb87972c89a4f2021-12-17 12:32:09.058root 11241100x8000000000000000320045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:09.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67b7d6f667c018fb2021-12-17 12:32:09.058root 11241100x8000000000000000320046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:09.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f85624b24e35b7e2021-12-17 12:32:09.058root 11241100x8000000000000000320047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:09.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71a4617ff6c8b4b12021-12-17 12:32:09.058root 11241100x8000000000000000320048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:09.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0abad9249034b0412021-12-17 12:32:09.059root 11241100x8000000000000000320049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:09.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9620bd328ded10922021-12-17 12:32:09.059root 11241100x8000000000000000320050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:09.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f65235588713d99c2021-12-17 12:32:09.059root 11241100x8000000000000000320051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:09.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e9ae66db3f2b6142021-12-17 12:32:09.059root 11241100x8000000000000000320052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:09.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74b823b27d2bfac42021-12-17 12:32:09.059root 11241100x8000000000000000320053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:09.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f69f6d37dc3364452021-12-17 12:32:09.059root 11241100x8000000000000000320054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:09.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b41f07896819210d2021-12-17 12:32:09.059root 11241100x8000000000000000320055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:09.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d70877563c395372021-12-17 12:32:09.059root 11241100x8000000000000000320056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:09.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97c99c40a6ec68802021-12-17 12:32:09.059root 11241100x8000000000000000320057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:09.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47b0c8118881b4f22021-12-17 12:32:09.059root 11241100x8000000000000000320058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:09.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b450f9d2f1b9a922021-12-17 12:32:09.059root 11241100x8000000000000000320059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:09.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2675eea58253e5d2021-12-17 12:32:09.059root 11241100x8000000000000000320060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:09.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3350ed40775a28d22021-12-17 12:32:09.059root 11241100x8000000000000000320061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:09.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b85eb8bd146467d2021-12-17 12:32:09.059root 11241100x8000000000000000320062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:09.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a9890911a66c86a2021-12-17 12:32:09.557root 11241100x8000000000000000320063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:09.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b21ecc1dcd0afc142021-12-17 12:32:09.557root 11241100x8000000000000000320064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:09.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93fbd7b48f397e042021-12-17 12:32:09.558root 11241100x8000000000000000320065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:09.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9639769ebbeaf122021-12-17 12:32:09.558root 11241100x8000000000000000320066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:09.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f57615162e3f47d52021-12-17 12:32:09.558root 11241100x8000000000000000320067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:09.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b292d07b72efc9092021-12-17 12:32:09.558root 11241100x8000000000000000320068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:09.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0445a21486951f62021-12-17 12:32:09.558root 11241100x8000000000000000320069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:09.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee7bbb6d936ecbc42021-12-17 12:32:09.558root 11241100x8000000000000000320070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:09.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bec17f5baa69e1f2021-12-17 12:32:09.558root 11241100x8000000000000000320071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:09.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.763d0b0fe34d2a012021-12-17 12:32:09.558root 11241100x8000000000000000320072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:09.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.508958e99f25f0e72021-12-17 12:32:09.558root 11241100x8000000000000000320073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:09.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d06e80f01546c3942021-12-17 12:32:09.558root 11241100x8000000000000000320074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:09.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e239ae63867c09ea2021-12-17 12:32:09.558root 11241100x8000000000000000320075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:09.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee4b24be2177008b2021-12-17 12:32:09.558root 11241100x8000000000000000320076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:09.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f74a2a7d6b4630f92021-12-17 12:32:09.558root 11241100x8000000000000000320077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:09.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce7973d45f3c25f12021-12-17 12:32:09.558root 11241100x8000000000000000320078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:09.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41062b2d12483d052021-12-17 12:32:09.559root 11241100x8000000000000000320079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:09.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f89a892e8f804f12021-12-17 12:32:09.559root 11241100x8000000000000000320080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:09.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcabe336871bc8912021-12-17 12:32:09.559root 11241100x8000000000000000320081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:09.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40f36e4932ff813b2021-12-17 12:32:09.559root 11241100x8000000000000000320082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:09.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.792ba7b3ee4ea4212021-12-17 12:32:09.559root 11241100x8000000000000000320083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:09.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0ac7aafd4ddd3c72021-12-17 12:32:09.559root 11241100x8000000000000000320084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:09.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c1587a7893ba6332021-12-17 12:32:09.559root 11241100x8000000000000000320085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:09.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9b373c01ee91bc42021-12-17 12:32:09.559root 11241100x8000000000000000320086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:09.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7942209a253d5f52021-12-17 12:32:09.559root 11241100x8000000000000000320087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:09.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2d1fa735e29ce832021-12-17 12:32:09.559root 11241100x8000000000000000320088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:09.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3c6b878337cf5fe2021-12-17 12:32:09.559root 11241100x8000000000000000320089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:09.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad18be7faf9f2f3d2021-12-17 12:32:09.559root 11241100x8000000000000000320090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:09.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30ec2174a43679a52021-12-17 12:32:09.559root 11241100x8000000000000000320091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:09.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ace226e8e6adb8b82021-12-17 12:32:09.559root 11241100x8000000000000000320092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:09.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b450fd1e988e11f32021-12-17 12:32:09.559root 11241100x8000000000000000320093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:10.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6da0720cf490ff72021-12-17 12:32:10.057root 11241100x8000000000000000320094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:10.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9883665c894d7ce82021-12-17 12:32:10.057root 11241100x8000000000000000320095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:10.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3770e00a4de59d972021-12-17 12:32:10.058root 11241100x8000000000000000320096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:10.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.638c47b26f589e8f2021-12-17 12:32:10.058root 11241100x8000000000000000320097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:10.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4e6105afbd2ebf32021-12-17 12:32:10.058root 11241100x8000000000000000320098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:10.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b9d4b61bca068382021-12-17 12:32:10.058root 11241100x8000000000000000320099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:10.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5c6463644f8685d2021-12-17 12:32:10.058root 11241100x8000000000000000320100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:10.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5698d83b5fe137ab2021-12-17 12:32:10.058root 11241100x8000000000000000320101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:10.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de5e9c44ea47e2a22021-12-17 12:32:10.058root 11241100x8000000000000000320102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:10.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.410ab9bcb213a57a2021-12-17 12:32:10.058root 11241100x8000000000000000320103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:10.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fd0329d59645d5c2021-12-17 12:32:10.058root 11241100x8000000000000000320104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:10.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17ff8134ad34693c2021-12-17 12:32:10.058root 11241100x8000000000000000320105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:10.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a578b172399b8142021-12-17 12:32:10.058root 11241100x8000000000000000320106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:10.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e818f1854c20ea7d2021-12-17 12:32:10.058root 11241100x8000000000000000320107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:10.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8504bed7d676132c2021-12-17 12:32:10.058root 11241100x8000000000000000320108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:10.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.343b206b89331fa12021-12-17 12:32:10.058root 11241100x8000000000000000320109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:10.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f00befec07f922f52021-12-17 12:32:10.058root 11241100x8000000000000000320110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:10.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4db104a2e1182cd2021-12-17 12:32:10.059root 11241100x8000000000000000320111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:10.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c709f3a0f53d87972021-12-17 12:32:10.059root 11241100x8000000000000000320112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:10.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e744727c7bba9f72021-12-17 12:32:10.059root 11241100x8000000000000000320113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:10.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74daa4a3874acbc42021-12-17 12:32:10.059root 11241100x8000000000000000320114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:10.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a401768568d8e032021-12-17 12:32:10.059root 11241100x8000000000000000320115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:10.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d194622860d748bc2021-12-17 12:32:10.059root 11241100x8000000000000000320116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:10.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f1cff59f36379162021-12-17 12:32:10.059root 11241100x8000000000000000320117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:10.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bd52058d54b93452021-12-17 12:32:10.059root 11241100x8000000000000000320118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:10.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57e1525c214a03322021-12-17 12:32:10.059root 11241100x8000000000000000320119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:10.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af9a336b150bd38e2021-12-17 12:32:10.059root 11241100x8000000000000000320120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:10.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72c5e8e3f33a6e062021-12-17 12:32:10.059root 11241100x8000000000000000320121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:10.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3465c51a22ee16e2021-12-17 12:32:10.059root 11241100x8000000000000000320122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:10.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b46cd87a0dfe9de2021-12-17 12:32:10.059root 11241100x8000000000000000320123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:10.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83ace9f1fa32788c2021-12-17 12:32:10.059root 11241100x8000000000000000320124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:10.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.002efa68538082ac2021-12-17 12:32:10.557root 11241100x8000000000000000320125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:10.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de692a10d3c50d3d2021-12-17 12:32:10.557root 11241100x8000000000000000320126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:10.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3073fcf89a1b2992021-12-17 12:32:10.558root 11241100x8000000000000000320127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:10.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.633ef4f80f5c5ff82021-12-17 12:32:10.558root 11241100x8000000000000000320128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:10.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a512afcbd121e752021-12-17 12:32:10.558root 11241100x8000000000000000320129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:10.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4e98ace472915812021-12-17 12:32:10.558root 11241100x8000000000000000320130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:10.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.646ae5d5f4a14cca2021-12-17 12:32:10.558root 11241100x8000000000000000320131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:10.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8add771f729905772021-12-17 12:32:10.558root 11241100x8000000000000000320132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:10.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c34649319517b572021-12-17 12:32:10.558root 11241100x8000000000000000320133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:10.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7017bb9192f3334b2021-12-17 12:32:10.558root 11241100x8000000000000000320134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:10.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52626ea34e9d48022021-12-17 12:32:10.558root 11241100x8000000000000000320135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:10.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a041f6145d4072932021-12-17 12:32:10.558root 11241100x8000000000000000320136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:10.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8663d62da23f1142021-12-17 12:32:10.559root 11241100x8000000000000000320137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:10.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd2721805a403dfb2021-12-17 12:32:10.559root 11241100x8000000000000000320138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:10.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daba7a7a1b02af402021-12-17 12:32:10.559root 11241100x8000000000000000320139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:10.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.780dc3aedcd17c9e2021-12-17 12:32:10.559root 11241100x8000000000000000320140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:10.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01e4e011d76cb73e2021-12-17 12:32:10.559root 11241100x8000000000000000320141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:10.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c732e613e617c4192021-12-17 12:32:10.559root 11241100x8000000000000000320142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:10.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71da8349666cd10c2021-12-17 12:32:10.559root 11241100x8000000000000000320143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:10.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.053f988b51e2d1402021-12-17 12:32:10.560root 11241100x8000000000000000320144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:10.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e559653c918e5e82021-12-17 12:32:10.561root 11241100x8000000000000000320145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:10.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d4ee5eb4c79ba132021-12-17 12:32:10.561root 11241100x8000000000000000320146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:10.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e6143c5f92fb4912021-12-17 12:32:10.561root 11241100x8000000000000000320147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:10.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5d5d98adb9fa9e02021-12-17 12:32:10.561root 11241100x8000000000000000320148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:10.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f5ce7d14be2a0b82021-12-17 12:32:10.561root 11241100x8000000000000000320149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:10.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a56e0c434eae56c2021-12-17 12:32:10.561root 11241100x8000000000000000320150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:10.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.321af7621c2c83ca2021-12-17 12:32:10.561root 11241100x8000000000000000320151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:10.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1df00ad6431b4cc2021-12-17 12:32:10.561root 11241100x8000000000000000320152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:10.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdd0f131f9aeb0362021-12-17 12:32:10.561root 11241100x8000000000000000320153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:10.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3aecc36d4bf3dc92021-12-17 12:32:10.561root 11241100x8000000000000000320154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:10.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a4d3163f994f8452021-12-17 12:32:10.561root 11241100x8000000000000000320155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:11.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b185f5fa035ca9e2021-12-17 12:32:11.057root 11241100x8000000000000000320156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:11.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d6c464aa85570cc2021-12-17 12:32:11.057root 11241100x8000000000000000320157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:11.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33cac81c158596112021-12-17 12:32:11.058root 11241100x8000000000000000320158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:11.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bb48cc1f7a119dc2021-12-17 12:32:11.058root 11241100x8000000000000000320159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:11.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a562c5fc916035d2021-12-17 12:32:11.058root 11241100x8000000000000000320160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:11.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54a5506aa9d71f242021-12-17 12:32:11.058root 11241100x8000000000000000320161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:11.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4c8dee2bf2a8a832021-12-17 12:32:11.058root 11241100x8000000000000000320162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:11.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e887e590a6adfd72021-12-17 12:32:11.058root 11241100x8000000000000000320163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:11.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ac3133eb275f1f92021-12-17 12:32:11.058root 11241100x8000000000000000320164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:11.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.680b2cfdcb0b5a582021-12-17 12:32:11.058root 11241100x8000000000000000320165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:11.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e31efeebff0b8882021-12-17 12:32:11.058root 11241100x8000000000000000320166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:11.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fc64e2f7f90a0552021-12-17 12:32:11.058root 11241100x8000000000000000320167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:11.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a387497ba806bc52021-12-17 12:32:11.058root 11241100x8000000000000000320168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:11.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ba59af4badd88162021-12-17 12:32:11.058root 11241100x8000000000000000320169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:11.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b5b59b2ea69516c2021-12-17 12:32:11.058root 11241100x8000000000000000320170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:11.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31dac859fee882752021-12-17 12:32:11.058root 11241100x8000000000000000320171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:11.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1f63b4ffb8f27162021-12-17 12:32:11.058root 11241100x8000000000000000320172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:11.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8c634714c4684b22021-12-17 12:32:11.059root 11241100x8000000000000000320173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:11.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bb6d721d8d1e5692021-12-17 12:32:11.059root 11241100x8000000000000000320174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:11.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dd9033d47e202c22021-12-17 12:32:11.059root 11241100x8000000000000000320175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:11.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d2b2d69fd7190022021-12-17 12:32:11.059root 11241100x8000000000000000320176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:11.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1358daee2d2539f2021-12-17 12:32:11.059root 11241100x8000000000000000320177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:11.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.080074ec34e831672021-12-17 12:32:11.059root 11241100x8000000000000000320178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:11.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.077c5442a3149c242021-12-17 12:32:11.059root 11241100x8000000000000000320179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:11.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e58df40f03f02c012021-12-17 12:32:11.059root 11241100x8000000000000000320180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:11.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf97a0eadd4d21282021-12-17 12:32:11.059root 11241100x8000000000000000320181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:11.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efece56112d318232021-12-17 12:32:11.059root 11241100x8000000000000000320182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:11.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2d25327775da76d2021-12-17 12:32:11.059root 11241100x8000000000000000320183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:11.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f34a229858823a2c2021-12-17 12:32:11.059root 11241100x8000000000000000320184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:11.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb11824ca4c1a2db2021-12-17 12:32:11.059root 11241100x8000000000000000320185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:11.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff81b3234e3417812021-12-17 12:32:11.059root 11241100x8000000000000000320186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:11.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44836e277fe2da152021-12-17 12:32:11.557root 11241100x8000000000000000320187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:11.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b153cbb3f005dcd2021-12-17 12:32:11.557root 11241100x8000000000000000320188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:11.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7918d9fa6ba7cc2f2021-12-17 12:32:11.558root 11241100x8000000000000000320189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:11.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b8d2eefc61821922021-12-17 12:32:11.558root 11241100x8000000000000000320190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:11.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0acdfca0e3b4a5302021-12-17 12:32:11.558root 11241100x8000000000000000320191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:11.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9277ff999d4aa772021-12-17 12:32:11.558root 11241100x8000000000000000320192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:11.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.513cd958406fd9ae2021-12-17 12:32:11.558root 11241100x8000000000000000320193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:11.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47ed634e7fbd69da2021-12-17 12:32:11.558root 11241100x8000000000000000320194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:11.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.156ed4b77d428a5d2021-12-17 12:32:11.558root 11241100x8000000000000000320195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:11.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ca693be93ebd3132021-12-17 12:32:11.558root 11241100x8000000000000000320196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:11.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c99a25e2871e71cb2021-12-17 12:32:11.558root 11241100x8000000000000000320197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:11.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02ef463d070b180e2021-12-17 12:32:11.558root 11241100x8000000000000000320198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:11.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeb3a3705a31c63a2021-12-17 12:32:11.558root 11241100x8000000000000000320199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:11.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fe98a8b9d14e1fa2021-12-17 12:32:11.558root 11241100x8000000000000000320200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:11.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8821ae6f6a0a7902021-12-17 12:32:11.558root 11241100x8000000000000000320201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:11.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbef94d599c1fbe72021-12-17 12:32:11.558root 11241100x8000000000000000320202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:11.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa9dce7ccce19f092021-12-17 12:32:11.558root 11241100x8000000000000000320203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:11.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff4d0ca26eded0912021-12-17 12:32:11.559root 11241100x8000000000000000320204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:11.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14879e3d129da4892021-12-17 12:32:11.559root 11241100x8000000000000000320205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:11.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e581ab3af741e642021-12-17 12:32:11.559root 11241100x8000000000000000320206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:11.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c06db54cdbe25bc2021-12-17 12:32:11.559root 11241100x8000000000000000320207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:11.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.569480c579f155d02021-12-17 12:32:11.559root 11241100x8000000000000000320208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:11.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b69688deb5b25d642021-12-17 12:32:11.559root 11241100x8000000000000000320209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:11.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b98b8fc93182c2db2021-12-17 12:32:11.559root 11241100x8000000000000000320210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:11.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d97bb441db76f262021-12-17 12:32:11.559root 11241100x8000000000000000320211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:11.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.284c47391e274aa42021-12-17 12:32:11.559root 11241100x8000000000000000320212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:11.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd64e358dd4380ff2021-12-17 12:32:11.559root 11241100x8000000000000000320213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:11.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3679d604a9b0500b2021-12-17 12:32:11.559root 11241100x8000000000000000320214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:11.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.907736ebd90502802021-12-17 12:32:11.559root 11241100x8000000000000000320215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:11.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b49b6217e60143b2021-12-17 12:32:11.559root 11241100x8000000000000000320216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:11.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc7f3098340e4db52021-12-17 12:32:11.559root 11241100x8000000000000000320217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:12.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1eefbc2270dc5452021-12-17 12:32:12.057root 11241100x8000000000000000320218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:12.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d2200a76bdf994f2021-12-17 12:32:12.057root 11241100x8000000000000000320219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:12.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48f7f2dcde6e8d782021-12-17 12:32:12.058root 11241100x8000000000000000320220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:12.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.753954f1dd2fd6bf2021-12-17 12:32:12.058root 11241100x8000000000000000320221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:12.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5731b2a3890c81162021-12-17 12:32:12.058root 11241100x8000000000000000320222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:12.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a34db3564470fb52021-12-17 12:32:12.058root 11241100x8000000000000000320223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:12.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1fea948243495232021-12-17 12:32:12.058root 11241100x8000000000000000320224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:12.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.188e5f9353c645872021-12-17 12:32:12.058root 11241100x8000000000000000320225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:12.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a70ce71a200e35aa2021-12-17 12:32:12.058root 11241100x8000000000000000320226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:12.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff164801871924772021-12-17 12:32:12.058root 11241100x8000000000000000320227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:12.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe0e1e31c10bbf8f2021-12-17 12:32:12.058root 11241100x8000000000000000320228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:12.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3a197ed1afbf4952021-12-17 12:32:12.058root 11241100x8000000000000000320229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:12.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e396f0e8913817682021-12-17 12:32:12.058root 11241100x8000000000000000320230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:12.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.422eb08467df8b572021-12-17 12:32:12.058root 11241100x8000000000000000320231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:12.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c3442c723bc7ecb2021-12-17 12:32:12.058root 11241100x8000000000000000320232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:12.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.628333364487f2e52021-12-17 12:32:12.058root 11241100x8000000000000000320233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:12.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2c8f826a5f31cf12021-12-17 12:32:12.059root 11241100x8000000000000000320234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:12.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca56c851253cbbaf2021-12-17 12:32:12.059root 11241100x8000000000000000320235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:12.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd1df6d1ea936f8b2021-12-17 12:32:12.059root 11241100x8000000000000000320236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:12.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a761aa4d2a403992021-12-17 12:32:12.059root 11241100x8000000000000000320237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:12.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7e320b6c25cedc82021-12-17 12:32:12.059root 11241100x8000000000000000320238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:12.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52ff888243e236882021-12-17 12:32:12.059root 11241100x8000000000000000320239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:12.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f339880de0bbe0322021-12-17 12:32:12.059root 11241100x8000000000000000320240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:12.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5974baf0c31aaedf2021-12-17 12:32:12.059root 11241100x8000000000000000320241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:12.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eef6d8114ebf11d2021-12-17 12:32:12.059root 11241100x8000000000000000320242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:12.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.859dbc17b9cb761e2021-12-17 12:32:12.059root 11241100x8000000000000000320243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:12.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3755fcc0cc55caac2021-12-17 12:32:12.059root 11241100x8000000000000000320244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:12.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c72d6e6b66aac9e2021-12-17 12:32:12.059root 11241100x8000000000000000320245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:12.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64898b75a24b61ac2021-12-17 12:32:12.059root 11241100x8000000000000000320246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:12.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f4b685685133c7a2021-12-17 12:32:12.059root 11241100x8000000000000000320247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:12.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef0e8ce99d41b4c72021-12-17 12:32:12.059root 11241100x8000000000000000320248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:12.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c2b7001f19bea672021-12-17 12:32:12.557root 11241100x8000000000000000320249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:12.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0335603ff8d94622021-12-17 12:32:12.557root 11241100x8000000000000000320250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:12.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.403beb385499ee9c2021-12-17 12:32:12.558root 11241100x8000000000000000320251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:12.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e608b4c01986bed42021-12-17 12:32:12.558root 11241100x8000000000000000320252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:12.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ce1d33abd8a6a312021-12-17 12:32:12.558root 11241100x8000000000000000320253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:12.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1924140c8aac7c4a2021-12-17 12:32:12.558root 11241100x8000000000000000320254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:12.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d0e29521e79e6702021-12-17 12:32:12.558root 11241100x8000000000000000320255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:12.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.412948ba138db7052021-12-17 12:32:12.558root 11241100x8000000000000000320256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:12.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db7de9829c6c377b2021-12-17 12:32:12.558root 11241100x8000000000000000320257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:12.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12df7aa1873843502021-12-17 12:32:12.558root 11241100x8000000000000000320258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:12.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ab43ba87f6e986e2021-12-17 12:32:12.558root 11241100x8000000000000000320259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:12.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18a03e0aaaca27f22021-12-17 12:32:12.558root 11241100x8000000000000000320260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:12.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.653f4ece4f4cbdcf2021-12-17 12:32:12.558root 11241100x8000000000000000320261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:12.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e35248e51e40c9812021-12-17 12:32:12.558root 11241100x8000000000000000320262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:12.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd2c16a02f499a552021-12-17 12:32:12.558root 11241100x8000000000000000320263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:12.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f78cb920a3fa9732021-12-17 12:32:12.558root 11241100x8000000000000000320264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:12.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e34f64dca15c44842021-12-17 12:32:12.558root 11241100x8000000000000000320265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:12.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16108f306bdbe40e2021-12-17 12:32:12.559root 11241100x8000000000000000320266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:12.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c761361b155330902021-12-17 12:32:12.559root 11241100x8000000000000000320267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:12.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6365138bdefe95b02021-12-17 12:32:12.559root 11241100x8000000000000000320268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:12.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf384d47c5b360882021-12-17 12:32:12.559root 11241100x8000000000000000320269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:12.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6b76e77faf786242021-12-17 12:32:12.559root 11241100x8000000000000000320270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:12.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff5e8a9209319aa12021-12-17 12:32:12.559root 11241100x8000000000000000320271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:12.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c4c43a6deb831ac2021-12-17 12:32:12.559root 11241100x8000000000000000320272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:12.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e85ed509d126d9d32021-12-17 12:32:12.559root 11241100x8000000000000000320273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:12.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cdd848273536dce2021-12-17 12:32:12.559root 11241100x8000000000000000320274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:12.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2da98073e4d579e32021-12-17 12:32:12.559root 11241100x8000000000000000320275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:12.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c46560bf5e5f07372021-12-17 12:32:12.559root 11241100x8000000000000000320276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:12.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.255aa240ff24cdca2021-12-17 12:32:12.559root 11241100x8000000000000000320277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:12.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b177ae0d087b43c62021-12-17 12:32:12.559root 11241100x8000000000000000320278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:12.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66bceb2657b2ee9e2021-12-17 12:32:12.559root 11241100x8000000000000000320279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:13.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c510aee878f8f1e2021-12-17 12:32:13.057root 11241100x8000000000000000320280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:13.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0cdd152b322816f2021-12-17 12:32:13.057root 11241100x8000000000000000320281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:13.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ab055dd5b51e33d2021-12-17 12:32:13.058root 11241100x8000000000000000320282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:13.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04d11bf4f5de7dc72021-12-17 12:32:13.058root 11241100x8000000000000000320283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:13.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18a19bcdf65438b02021-12-17 12:32:13.058root 11241100x8000000000000000320284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:13.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.814dfdc93749a34b2021-12-17 12:32:13.058root 11241100x8000000000000000320285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:13.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5333cdafbdc2d3c2021-12-17 12:32:13.058root 11241100x8000000000000000320286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:13.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bacd33c2abce23172021-12-17 12:32:13.058root 11241100x8000000000000000320287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:13.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfa35b969d7061ae2021-12-17 12:32:13.058root 11241100x8000000000000000320288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:13.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c43cb4c074f8516d2021-12-17 12:32:13.058root 11241100x8000000000000000320289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:13.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a482804b07afc8d32021-12-17 12:32:13.058root 11241100x8000000000000000320290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:13.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5def2e10ecbf2b2a2021-12-17 12:32:13.058root 11241100x8000000000000000320291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:13.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65d4a77864f96c462021-12-17 12:32:13.058root 11241100x8000000000000000320292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:13.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b103f088c1472342021-12-17 12:32:13.058root 11241100x8000000000000000320293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:13.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d2d96c000b6d84b2021-12-17 12:32:13.058root 11241100x8000000000000000320294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:13.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efb9746d9e3d51a22021-12-17 12:32:13.058root 11241100x8000000000000000320295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:13.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.724f1ae5e2024b5a2021-12-17 12:32:13.059root 11241100x8000000000000000320296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:13.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eda83b75620030552021-12-17 12:32:13.059root 11241100x8000000000000000320297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:13.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b88e52f5b197a282021-12-17 12:32:13.059root 11241100x8000000000000000320298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:13.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d5d7bc843f001072021-12-17 12:32:13.059root 11241100x8000000000000000320299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:13.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96e45dba3887deb22021-12-17 12:32:13.059root 11241100x8000000000000000320300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:13.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30d2fc81729f0d392021-12-17 12:32:13.059root 11241100x8000000000000000320301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:13.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02d4d896bd103f802021-12-17 12:32:13.059root 11241100x8000000000000000320302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:13.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dccc11feab8ec1d2021-12-17 12:32:13.059root 11241100x8000000000000000320303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:13.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.928536fa4abe4a962021-12-17 12:32:13.059root 11241100x8000000000000000320304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:13.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7986fc26099521b52021-12-17 12:32:13.059root 11241100x8000000000000000320305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:13.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.295226ef028db9c72021-12-17 12:32:13.059root 11241100x8000000000000000320306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:13.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99ce27a9e27e1cf82021-12-17 12:32:13.059root 11241100x8000000000000000320307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:13.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2f2b8dec8b471652021-12-17 12:32:13.059root 11241100x8000000000000000320308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:13.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2c7afddbef4b1942021-12-17 12:32:13.059root 11241100x8000000000000000320309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:13.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81ba478f6ad19eeb2021-12-17 12:32:13.059root 354300x8000000000000000320310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:13.202{ec28ba6a-70a3-61bc-5175-3a0400000000}5248/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-44526-false10.0.1.12-8000- 11241100x8000000000000000320311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:13.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6e8ade4ce2377652021-12-17 12:32:13.557root 11241100x8000000000000000320312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:13.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.992b8388869ef03a2021-12-17 12:32:13.558root 11241100x8000000000000000320313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:13.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce49ddb323790fd92021-12-17 12:32:13.558root 11241100x8000000000000000320314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:13.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13adf8f93c16e5d82021-12-17 12:32:13.558root 11241100x8000000000000000320315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:13.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d03409cc71272b912021-12-17 12:32:13.558root 11241100x8000000000000000320316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:13.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dfabe6b5a6f2b342021-12-17 12:32:13.558root 11241100x8000000000000000320317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:13.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4fd8e4b6fdf986a2021-12-17 12:32:13.558root 11241100x8000000000000000320318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:13.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b8c2dd75f75ede62021-12-17 12:32:13.558root 11241100x8000000000000000320319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:13.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9692ca0eb80b919d2021-12-17 12:32:13.558root 11241100x8000000000000000320320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:13.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3465e1d77fade84e2021-12-17 12:32:13.558root 11241100x8000000000000000320321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:13.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d9630df4805b41d2021-12-17 12:32:13.558root 11241100x8000000000000000320322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:13.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efe0221b38aa14bf2021-12-17 12:32:13.558root 11241100x8000000000000000320323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:13.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.869eb9002bcc8dbb2021-12-17 12:32:13.559root 11241100x8000000000000000320324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:13.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9d7f8a517d5b0072021-12-17 12:32:13.559root 11241100x8000000000000000320325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:13.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dabb79c300346d82021-12-17 12:32:13.559root 11241100x8000000000000000320326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:13.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1185307ff27b9cc72021-12-17 12:32:13.559root 11241100x8000000000000000320327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:13.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f56e7e44d3a9d9f12021-12-17 12:32:13.559root 11241100x8000000000000000320328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:13.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11531dc141fc05c22021-12-17 12:32:13.559root 11241100x8000000000000000320329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:13.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56510ef07ef797f72021-12-17 12:32:13.559root 11241100x8000000000000000320330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:13.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6efd65cc00e4b1342021-12-17 12:32:13.559root 11241100x8000000000000000320331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:13.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fa7ea7fee8f48d22021-12-17 12:32:13.559root 11241100x8000000000000000320332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:13.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.055ebf80c37428532021-12-17 12:32:13.559root 11241100x8000000000000000320333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:13.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f70362f6cb4fe7442021-12-17 12:32:13.559root 11241100x8000000000000000320334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:13.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6d98163fb7f6b662021-12-17 12:32:13.559root 11241100x8000000000000000320335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:13.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.962c1cb49ce412c62021-12-17 12:32:13.559root 11241100x8000000000000000320336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:13.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2947e223ae15f50b2021-12-17 12:32:13.559root 11241100x8000000000000000320337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:13.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65760eec8feaf1232021-12-17 12:32:13.559root 11241100x8000000000000000320338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:13.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2398dbe59dc11b32021-12-17 12:32:13.560root 11241100x8000000000000000320339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:13.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6351845818973fa22021-12-17 12:32:13.560root 11241100x8000000000000000320340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:13.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac57dd59250c14782021-12-17 12:32:13.560root 11241100x8000000000000000320341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:13.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52001f4c7877106a2021-12-17 12:32:13.560root 11241100x8000000000000000320342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:13.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26c27739b865d1942021-12-17 12:32:13.560root 11241100x8000000000000000320343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:14.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfbcc3d2a025350c2021-12-17 12:32:14.057root 11241100x8000000000000000320344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:14.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1595fe5459ba66712021-12-17 12:32:14.058root 11241100x8000000000000000320345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:14.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63ce7274693c7a682021-12-17 12:32:14.058root 11241100x8000000000000000320346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:14.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0483391dda40e1872021-12-17 12:32:14.058root 11241100x8000000000000000320347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:14.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29840ac1bf131a0a2021-12-17 12:32:14.058root 11241100x8000000000000000320348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:14.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdaeef196fa2ccb12021-12-17 12:32:14.058root 11241100x8000000000000000320349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:14.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09894c11f3e539df2021-12-17 12:32:14.058root 11241100x8000000000000000320350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:14.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1b04479904806702021-12-17 12:32:14.058root 11241100x8000000000000000320351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:14.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9012e6e27988b29d2021-12-17 12:32:14.058root 11241100x8000000000000000320352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:14.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4d97ff2bbf6900f2021-12-17 12:32:14.058root 11241100x8000000000000000320353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:14.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60b7914f36d28fda2021-12-17 12:32:14.058root 11241100x8000000000000000320354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:14.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4b4cef2b89213a92021-12-17 12:32:14.058root 11241100x8000000000000000320355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:14.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95e54217f5e400c82021-12-17 12:32:14.058root 11241100x8000000000000000320356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:14.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f42c4649fb3478a12021-12-17 12:32:14.058root 11241100x8000000000000000320357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:14.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.625325bfc6ccddd72021-12-17 12:32:14.059root 11241100x8000000000000000320358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:14.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.095fc240f329b54b2021-12-17 12:32:14.059root 11241100x8000000000000000320359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:14.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d4c32b2f741c6e52021-12-17 12:32:14.059root 11241100x8000000000000000320360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:14.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91b34bba413e87322021-12-17 12:32:14.059root 11241100x8000000000000000320361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:14.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a528ed88820ff9a2021-12-17 12:32:14.059root 11241100x8000000000000000320362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:14.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a18bd6a5d54799e2021-12-17 12:32:14.059root 11241100x8000000000000000320363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:14.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.def6ff6c86f92d732021-12-17 12:32:14.059root 11241100x8000000000000000320364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:14.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13be65242021b4c22021-12-17 12:32:14.059root 11241100x8000000000000000320365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:14.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0012c0dc0d3337a2021-12-17 12:32:14.059root 11241100x8000000000000000320366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:14.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94f312631a8557562021-12-17 12:32:14.059root 11241100x8000000000000000320367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:14.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe1cad3258785ebb2021-12-17 12:32:14.059root 11241100x8000000000000000320368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:14.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b22305706823ae52021-12-17 12:32:14.059root 11241100x8000000000000000320369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:14.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96609ca6d38f97ab2021-12-17 12:32:14.059root 11241100x8000000000000000320370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:14.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d42c786105351df32021-12-17 12:32:14.060root 11241100x8000000000000000320371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:14.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b981e149ec86fd102021-12-17 12:32:14.060root 11241100x8000000000000000320372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:14.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64bb716f43d344e82021-12-17 12:32:14.060root 11241100x8000000000000000320373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:14.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83fd25e649911d332021-12-17 12:32:14.060root 11241100x8000000000000000320374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:14.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4bd8abd232b5b9b2021-12-17 12:32:14.060root 11241100x8000000000000000320375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:14.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8704e89967c3ddec2021-12-17 12:32:14.557root 11241100x8000000000000000320376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:14.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cb873c7aa3445162021-12-17 12:32:14.558root 11241100x8000000000000000320377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:14.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98b9d7e366ee8e0f2021-12-17 12:32:14.558root 11241100x8000000000000000320378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:14.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a0ff6aba8a585cf2021-12-17 12:32:14.558root 11241100x8000000000000000320379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:14.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31a86523a4f2a2d22021-12-17 12:32:14.558root 11241100x8000000000000000320380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:14.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a7e46f37196468b2021-12-17 12:32:14.558root 11241100x8000000000000000320381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:14.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23ba0d71bb0c18d92021-12-17 12:32:14.558root 11241100x8000000000000000320382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:14.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11df5865b47c977a2021-12-17 12:32:14.558root 11241100x8000000000000000320383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:14.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d87455b9222b04ed2021-12-17 12:32:14.558root 11241100x8000000000000000320384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:14.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.201d7b1d96a414a12021-12-17 12:32:14.558root 11241100x8000000000000000320385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:14.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3002c26a5019969e2021-12-17 12:32:14.558root 11241100x8000000000000000320386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:14.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b36b5c63e2b6796e2021-12-17 12:32:14.558root 11241100x8000000000000000320387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:14.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c5405f352e08d522021-12-17 12:32:14.558root 11241100x8000000000000000320388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:14.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3355c829ad98b5272021-12-17 12:32:14.558root 11241100x8000000000000000320389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:14.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7724c177833e33b2021-12-17 12:32:14.558root 11241100x8000000000000000320390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:14.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.859d35829903f5782021-12-17 12:32:14.559root 11241100x8000000000000000320391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:14.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99f28ab16a27ce582021-12-17 12:32:14.559root 11241100x8000000000000000320392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:14.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1d6a39976dec08a2021-12-17 12:32:14.559root 11241100x8000000000000000320393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:14.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89f2e3bba5b7881e2021-12-17 12:32:14.559root 11241100x8000000000000000320394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:14.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef89dcde19a1771f2021-12-17 12:32:14.559root 11241100x8000000000000000320395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:14.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b67e4183882049772021-12-17 12:32:14.559root 11241100x8000000000000000320396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:14.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.321b41d7d2847f5b2021-12-17 12:32:14.559root 11241100x8000000000000000320397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:14.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.913f102e30e1fb9a2021-12-17 12:32:14.559root 11241100x8000000000000000320398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:14.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e5b0705c4b4b4f52021-12-17 12:32:14.559root 11241100x8000000000000000320399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:14.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5d1ad1dbbc48bbb2021-12-17 12:32:14.559root 11241100x8000000000000000320400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:14.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0006275379686fa32021-12-17 12:32:14.559root 11241100x8000000000000000320401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:14.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b053c86c3bc37e862021-12-17 12:32:14.559root 11241100x8000000000000000320402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:14.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f61cae28081760a82021-12-17 12:32:14.559root 11241100x8000000000000000320403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:14.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ef1921ed1936abb2021-12-17 12:32:14.559root 11241100x8000000000000000320404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:14.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.165db6ffab9a0bb52021-12-17 12:32:14.559root 11241100x8000000000000000320405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:14.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56c623f3ee00ab7b2021-12-17 12:32:14.560root 11241100x8000000000000000320406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:14.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a05ada489aea24872021-12-17 12:32:14.560root 11241100x8000000000000000320407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:15.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eedd77c388e629132021-12-17 12:32:15.057root 11241100x8000000000000000320408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:15.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19f8fa6e23fad2982021-12-17 12:32:15.058root 11241100x8000000000000000320409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:15.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dcf1b333aa5d8bc2021-12-17 12:32:15.058root 11241100x8000000000000000320410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:15.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.229d640f24f5b3072021-12-17 12:32:15.058root 11241100x8000000000000000320411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:15.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.408ebb111d8094232021-12-17 12:32:15.058root 11241100x8000000000000000320412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:15.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.878efa3551d584b52021-12-17 12:32:15.058root 11241100x8000000000000000320413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:15.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60bd7d11dd66473b2021-12-17 12:32:15.058root 11241100x8000000000000000320414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:15.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bedb00fac1471432021-12-17 12:32:15.058root 11241100x8000000000000000320415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:15.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.154f17a7316631f82021-12-17 12:32:15.058root 11241100x8000000000000000320416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:15.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b670616cb95329af2021-12-17 12:32:15.059root 11241100x8000000000000000320417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:15.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab7702cace6576c22021-12-17 12:32:15.059root 11241100x8000000000000000320418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:15.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8569a6fa94971f72021-12-17 12:32:15.059root 11241100x8000000000000000320419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:15.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.807d61a36bca318b2021-12-17 12:32:15.059root 11241100x8000000000000000320420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:15.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72ec16acfa0afebd2021-12-17 12:32:15.060root 11241100x8000000000000000320421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:15.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c7c886eb85415182021-12-17 12:32:15.060root 11241100x8000000000000000320422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:15.068{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66f48f4e756c52d02021-12-17 12:32:15.068root 11241100x8000000000000000320423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:15.068{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.143b27af73c320d92021-12-17 12:32:15.068root 11241100x8000000000000000320424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:15.068{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75dc2786c15ffade2021-12-17 12:32:15.068root 11241100x8000000000000000320425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:15.068{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.144b6987349adbac2021-12-17 12:32:15.068root 11241100x8000000000000000320426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:15.068{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55cac3a0d3a9adf52021-12-17 12:32:15.068root 11241100x8000000000000000320427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:15.068{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.391cd9d5ade227272021-12-17 12:32:15.068root 11241100x8000000000000000320428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:15.068{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b39b4459f52e410e2021-12-17 12:32:15.068root 11241100x8000000000000000320429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:15.069{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77d4010b4917f7142021-12-17 12:32:15.069root 11241100x8000000000000000320430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:15.069{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75684b14b2796af52021-12-17 12:32:15.069root 11241100x8000000000000000320431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:15.069{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de83ed3540cee44f2021-12-17 12:32:15.069root 11241100x8000000000000000320432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:15.069{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.919a88055cf773a22021-12-17 12:32:15.069root 11241100x8000000000000000320433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:15.069{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5c8ed26104d3b2d2021-12-17 12:32:15.069root 11241100x8000000000000000320434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:15.069{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.155d076cf57582802021-12-17 12:32:15.069root 11241100x8000000000000000320435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:15.069{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52a881bf7a8810e12021-12-17 12:32:15.069root 11241100x8000000000000000320436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:15.069{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23042b9d1052c5a42021-12-17 12:32:15.069root 11241100x8000000000000000320437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:15.069{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b45f5c606de348ad2021-12-17 12:32:15.069root 11241100x8000000000000000320438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:15.069{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.441a1f4d442001402021-12-17 12:32:15.069root 11241100x8000000000000000320439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:15.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e6182f307e131ae2021-12-17 12:32:15.557root 11241100x8000000000000000320440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:15.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee351333579e4f3a2021-12-17 12:32:15.558root 11241100x8000000000000000320441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:15.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f14536c72e8bf902021-12-17 12:32:15.558root 11241100x8000000000000000320442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:15.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75a27396aa8347d92021-12-17 12:32:15.558root 11241100x8000000000000000320443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:15.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e98638a67b9584762021-12-17 12:32:15.558root 11241100x8000000000000000320444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:15.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2c003e75ec79e372021-12-17 12:32:15.558root 11241100x8000000000000000320445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:15.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baa66c73f52e57212021-12-17 12:32:15.558root 11241100x8000000000000000320446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:15.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54b5e0ec759c1e922021-12-17 12:32:15.558root 11241100x8000000000000000320447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:15.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e08a42e03f1051ca2021-12-17 12:32:15.558root 11241100x8000000000000000320448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:15.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82e0d5b5d76a61d22021-12-17 12:32:15.558root 11241100x8000000000000000320449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:15.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2a356c402b01de82021-12-17 12:32:15.558root 11241100x8000000000000000320450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:15.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdedd3091c9ec0e72021-12-17 12:32:15.558root 11241100x8000000000000000320451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:15.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1b51c35a02b2d4c2021-12-17 12:32:15.559root 11241100x8000000000000000320452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:15.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e10b80c458d0e88e2021-12-17 12:32:15.559root 11241100x8000000000000000320453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:15.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fe612044ee13f272021-12-17 12:32:15.559root 11241100x8000000000000000320454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:15.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5285b1134eba38082021-12-17 12:32:15.559root 11241100x8000000000000000320455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:15.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.077009c3a9913b982021-12-17 12:32:15.559root 11241100x8000000000000000320456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:15.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a4be2fd7dc5f4e82021-12-17 12:32:15.559root 11241100x8000000000000000320457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:15.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc3930b57a935bc12021-12-17 12:32:15.559root 11241100x8000000000000000320458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:15.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86eec7db16a8b8ab2021-12-17 12:32:15.559root 11241100x8000000000000000320459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:15.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c62ff8116411eb92021-12-17 12:32:15.559root 11241100x8000000000000000320460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:15.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e51240b38469f5da2021-12-17 12:32:15.559root 11241100x8000000000000000320461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:15.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97706f7b1f8af0772021-12-17 12:32:15.559root 11241100x8000000000000000320462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:15.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a2db0da003bbeed2021-12-17 12:32:15.560root 11241100x8000000000000000320463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:15.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9972b5671f156c82021-12-17 12:32:15.560root 11241100x8000000000000000320464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:15.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b06d8a9b7fefbbc2021-12-17 12:32:15.560root 11241100x8000000000000000320465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:15.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4458072d4027ca8c2021-12-17 12:32:15.560root 11241100x8000000000000000320466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:15.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a72d8a61ce197b42021-12-17 12:32:15.560root 11241100x8000000000000000320467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:15.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e78322e539f3ab52021-12-17 12:32:15.560root 11241100x8000000000000000320468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:15.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78e692bfe2434d1d2021-12-17 12:32:15.560root 11241100x8000000000000000320469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:15.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59a68b0f2f3d23aa2021-12-17 12:32:15.560root 11241100x8000000000000000320470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:15.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00d9f13562b2b0fe2021-12-17 12:32:15.560root 11241100x8000000000000000320471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:16.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e5ec197d24d5a752021-12-17 12:32:16.057root 11241100x8000000000000000320472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:16.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e45f33103d90dce32021-12-17 12:32:16.058root 11241100x8000000000000000320473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:16.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8928827f1efb19142021-12-17 12:32:16.058root 11241100x8000000000000000320474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:16.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07f3a66dff39dfd72021-12-17 12:32:16.058root 11241100x8000000000000000320475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:16.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84e988884c722c992021-12-17 12:32:16.058root 11241100x8000000000000000320476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:16.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f770bc65eaa13e792021-12-17 12:32:16.058root 11241100x8000000000000000320477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:16.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b928ee64146e24e22021-12-17 12:32:16.058root 11241100x8000000000000000320478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:16.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22f8b0b5ff7ec4ba2021-12-17 12:32:16.058root 11241100x8000000000000000320479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:16.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a048d70f676cd9b2021-12-17 12:32:16.058root 11241100x8000000000000000320480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:16.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbd02cda5cb9ea842021-12-17 12:32:16.058root 11241100x8000000000000000320481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:16.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b64fe7c411b13ed2021-12-17 12:32:16.058root 11241100x8000000000000000320482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:16.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a467785f6b3395822021-12-17 12:32:16.058root 11241100x8000000000000000320483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:16.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2374663f3d1556c2021-12-17 12:32:16.058root 11241100x8000000000000000320484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:16.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f6c70a89ab989392021-12-17 12:32:16.058root 11241100x8000000000000000320485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:16.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2757cad72db614f32021-12-17 12:32:16.058root 11241100x8000000000000000320486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:16.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f58636393070a4e62021-12-17 12:32:16.058root 11241100x8000000000000000320487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:16.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.131940fffec675f52021-12-17 12:32:16.059root 11241100x8000000000000000320488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:16.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55d0870d1b873ac92021-12-17 12:32:16.059root 11241100x8000000000000000320489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:16.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1e2d620be9f9d5f2021-12-17 12:32:16.059root 11241100x8000000000000000320490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:16.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.255d9a5f5a71ed2d2021-12-17 12:32:16.059root 11241100x8000000000000000320491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:16.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d8827205438c42f2021-12-17 12:32:16.059root 11241100x8000000000000000320492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:16.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6156c3b786243d3d2021-12-17 12:32:16.059root 11241100x8000000000000000320493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:16.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f43cf655a6ba130d2021-12-17 12:32:16.059root 11241100x8000000000000000320494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:16.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec6ee26113fa20062021-12-17 12:32:16.059root 11241100x8000000000000000320495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:16.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19e1512c7f8794662021-12-17 12:32:16.059root 11241100x8000000000000000320496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:16.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a9c045a45c131062021-12-17 12:32:16.059root 11241100x8000000000000000320497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:16.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a6a8676212875792021-12-17 12:32:16.059root 11241100x8000000000000000320498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:16.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dd272582c989acb2021-12-17 12:32:16.059root 11241100x8000000000000000320499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:16.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6685f41a7698f592021-12-17 12:32:16.059root 11241100x8000000000000000320500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:16.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50bec4cb986f2bd42021-12-17 12:32:16.059root 11241100x8000000000000000320501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:16.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.795cdb850d3becb62021-12-17 12:32:16.059root 11241100x8000000000000000320502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:16.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a67bd8c4733cf422021-12-17 12:32:16.060root 11241100x8000000000000000320503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:16.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2e43b373a3cba1a2021-12-17 12:32:16.558root 11241100x8000000000000000320504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:16.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae71a8b990c02bd32021-12-17 12:32:16.558root 11241100x8000000000000000320505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:16.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b25683aaaa71a352021-12-17 12:32:16.558root 11241100x8000000000000000320506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:16.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.375970c746407e212021-12-17 12:32:16.558root 11241100x8000000000000000320507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:16.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1955b141e43c30972021-12-17 12:32:16.558root 11241100x8000000000000000320508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:16.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e21c5c3f527a2782021-12-17 12:32:16.558root 11241100x8000000000000000320509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:16.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c2eb154c3558fe92021-12-17 12:32:16.558root 11241100x8000000000000000320510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:16.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9534267c6db0b5e2021-12-17 12:32:16.558root 11241100x8000000000000000320511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:16.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b79dab3e8a8fa3b42021-12-17 12:32:16.558root 11241100x8000000000000000320512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:16.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1034b1dbad8ab3f92021-12-17 12:32:16.558root 11241100x8000000000000000320513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:16.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7be7ba4f991896d2021-12-17 12:32:16.558root 11241100x8000000000000000320514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:16.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cab81c026c5e46772021-12-17 12:32:16.558root 11241100x8000000000000000320515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:16.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6800a2c16f4d5dc52021-12-17 12:32:16.559root 11241100x8000000000000000320516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:16.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80218e5c1e546dd32021-12-17 12:32:16.559root 11241100x8000000000000000320517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:16.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87c27a8b2b7492832021-12-17 12:32:16.559root 11241100x8000000000000000320518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:16.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4fc9849c304d72f2021-12-17 12:32:16.559root 11241100x8000000000000000320519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:16.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9367b756435383c72021-12-17 12:32:16.559root 11241100x8000000000000000320520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:16.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b389568e06978502021-12-17 12:32:16.559root 11241100x8000000000000000320521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:16.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40fccffbf66e26b72021-12-17 12:32:16.559root 11241100x8000000000000000320522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:16.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.893157d64609f9ea2021-12-17 12:32:16.560root 11241100x8000000000000000320523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:16.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e33537e5e32a851e2021-12-17 12:32:16.560root 11241100x8000000000000000320524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:16.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aeb88c32ec3f2262021-12-17 12:32:16.560root 11241100x8000000000000000320525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:16.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14254b78ecd276632021-12-17 12:32:16.560root 11241100x8000000000000000320526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:16.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a100aad76cdf39b72021-12-17 12:32:16.560root 11241100x8000000000000000320527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:16.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27bcd73ac49f24572021-12-17 12:32:16.560root 11241100x8000000000000000320528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:16.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.483a1b1da796e6ae2021-12-17 12:32:16.560root 11241100x8000000000000000320529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:16.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2a4099c67ea46fd2021-12-17 12:32:16.560root 11241100x8000000000000000320530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:16.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0fa92eb65fec2902021-12-17 12:32:16.561root 11241100x8000000000000000320531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:16.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b70dc893aaa3b2532021-12-17 12:32:16.561root 11241100x8000000000000000320532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:16.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d02d0dde10503c422021-12-17 12:32:16.561root 11241100x8000000000000000320533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:16.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccc279bcb87037be2021-12-17 12:32:16.562root 11241100x8000000000000000320534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:16.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30bc4d1d3be804792021-12-17 12:32:16.562root 11241100x8000000000000000320535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:17.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bead90aa14053242021-12-17 12:32:17.057root 11241100x8000000000000000320536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:17.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0c133ca1f6138a32021-12-17 12:32:17.057root 11241100x8000000000000000320537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:17.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c9958efc4c031f12021-12-17 12:32:17.058root 11241100x8000000000000000320538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:17.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.742e12c0f04149642021-12-17 12:32:17.058root 11241100x8000000000000000320539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:17.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.229b4654d958dc952021-12-17 12:32:17.058root 11241100x8000000000000000320540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:17.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfa520d9c1922d172021-12-17 12:32:17.058root 11241100x8000000000000000320541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:17.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9d4ac7a841bf3d82021-12-17 12:32:17.058root 11241100x8000000000000000320542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:17.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.938816e8cc90b8c42021-12-17 12:32:17.058root 11241100x8000000000000000320543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:17.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b61615b720fcba0f2021-12-17 12:32:17.058root 11241100x8000000000000000320544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:17.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d83eb51c207c43e42021-12-17 12:32:17.058root 11241100x8000000000000000320545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:17.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24cf619f253bb6702021-12-17 12:32:17.058root 11241100x8000000000000000320546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:17.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16cf1c73212dee872021-12-17 12:32:17.058root 11241100x8000000000000000320547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:17.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55a9d90d6679d4222021-12-17 12:32:17.058root 11241100x8000000000000000320548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:17.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92e0605dcfe3cf902021-12-17 12:32:17.058root 11241100x8000000000000000320549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:17.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.141b91e1ac4a698e2021-12-17 12:32:17.059root 11241100x8000000000000000320550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:17.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4d1cc3efbcfab592021-12-17 12:32:17.059root 11241100x8000000000000000320551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:17.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a47aff166ff59bb62021-12-17 12:32:17.059root 11241100x8000000000000000320552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:17.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.099cc9f2316c8e6c2021-12-17 12:32:17.059root 11241100x8000000000000000320553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:17.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85e7c3e4ac62aae62021-12-17 12:32:17.059root 11241100x8000000000000000320554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:17.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.500c14927fbacd012021-12-17 12:32:17.059root 11241100x8000000000000000320555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:17.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e8afb4b7194f1aa2021-12-17 12:32:17.059root 11241100x8000000000000000320556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:17.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ac09060fa58b85e2021-12-17 12:32:17.059root 11241100x8000000000000000320557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:17.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cad7a9cc6128b562021-12-17 12:32:17.059root 11241100x8000000000000000320558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:17.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c697eaaba3a94f382021-12-17 12:32:17.059root 11241100x8000000000000000320559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:17.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c5fab5eca0b84902021-12-17 12:32:17.059root 11241100x8000000000000000320560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:17.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1b0805507efc81f2021-12-17 12:32:17.059root 11241100x8000000000000000320561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:17.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.939703e7a6e1a49d2021-12-17 12:32:17.060root 11241100x8000000000000000320562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:17.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c0e257503507a402021-12-17 12:32:17.060root 11241100x8000000000000000320563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:17.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc9d6d4c05fe51742021-12-17 12:32:17.060root 11241100x8000000000000000320564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:17.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b885254f4b0dbd942021-12-17 12:32:17.060root 11241100x8000000000000000320565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:17.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b0a2292d3d58cf42021-12-17 12:32:17.060root 11241100x8000000000000000320566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:17.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd4872910084bf312021-12-17 12:32:17.060root 11241100x8000000000000000320567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:17.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adaaf152aadadee62021-12-17 12:32:17.557root 11241100x8000000000000000320568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:17.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d7b3dfe5bab07512021-12-17 12:32:17.557root 11241100x8000000000000000320569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:17.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ada933da7ad03632021-12-17 12:32:17.558root 11241100x8000000000000000320570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:17.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92491113ffaf773f2021-12-17 12:32:17.558root 11241100x8000000000000000320571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:17.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34a87d3a78c810502021-12-17 12:32:17.558root 11241100x8000000000000000320572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:17.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82b91c58a78f9a082021-12-17 12:32:17.558root 11241100x8000000000000000320573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:17.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d8d52c6cb0dc2532021-12-17 12:32:17.558root 11241100x8000000000000000320574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:17.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.739772eb2b617ed62021-12-17 12:32:17.558root 11241100x8000000000000000320575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:17.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ca712dbe7a7872a2021-12-17 12:32:17.558root 11241100x8000000000000000320576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:17.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1053aed0b214e8152021-12-17 12:32:17.558root 11241100x8000000000000000320577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:17.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ead28c4a2984ed332021-12-17 12:32:17.558root 11241100x8000000000000000320578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:17.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08a3a74a9023553c2021-12-17 12:32:17.558root 11241100x8000000000000000320579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:17.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.983468490c1cdf622021-12-17 12:32:17.558root 11241100x8000000000000000320580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:17.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5250cde5845c41ae2021-12-17 12:32:17.559root 11241100x8000000000000000320581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:17.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2420339cfa98f6a2021-12-17 12:32:17.559root 11241100x8000000000000000320582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:17.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.303bec4cd8dc959a2021-12-17 12:32:17.559root 11241100x8000000000000000320583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:17.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eaf12a63655e7702021-12-17 12:32:17.559root 11241100x8000000000000000320584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:17.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0241b826062bf06f2021-12-17 12:32:17.559root 11241100x8000000000000000320585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:17.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d242f7b25d203c02021-12-17 12:32:17.559root 11241100x8000000000000000320586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:17.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b8feb6488cb26ca2021-12-17 12:32:17.559root 11241100x8000000000000000320587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:17.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e836ce6ed5719562021-12-17 12:32:17.559root 11241100x8000000000000000320588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:17.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5ac5e6282c55fff2021-12-17 12:32:17.559root 11241100x8000000000000000320589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:17.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6928aec82f8a69f72021-12-17 12:32:17.560root 11241100x8000000000000000320590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:17.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c9e27c88286b6672021-12-17 12:32:17.560root 11241100x8000000000000000320591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:17.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abc6f896a4863de62021-12-17 12:32:17.560root 11241100x8000000000000000320592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:17.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a0e9495492bbda22021-12-17 12:32:17.560root 11241100x8000000000000000320593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:17.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e8a2349c8096f612021-12-17 12:32:17.560root 11241100x8000000000000000320594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:17.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4b67529031913712021-12-17 12:32:17.560root 11241100x8000000000000000320595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:17.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d97b9a2874cf95d2021-12-17 12:32:17.560root 11241100x8000000000000000320596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:17.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26a3cef11aa433b22021-12-17 12:32:17.560root 11241100x8000000000000000320597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:17.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9b3a4e6521165352021-12-17 12:32:17.561root 11241100x8000000000000000320598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:17.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58966bb5216b6c972021-12-17 12:32:17.561root 11241100x8000000000000000320599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:18.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b72c2ce3d41879272021-12-17 12:32:18.057root 11241100x8000000000000000320600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:18.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46cc52bfdfef29a82021-12-17 12:32:18.058root 11241100x8000000000000000320601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:18.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6117c765b87de4122021-12-17 12:32:18.058root 11241100x8000000000000000320602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:18.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93f0412e2f49246f2021-12-17 12:32:18.058root 11241100x8000000000000000320603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:18.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac17b2fcea02e4752021-12-17 12:32:18.058root 11241100x8000000000000000320604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:18.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aaba7e60fa772d42021-12-17 12:32:18.058root 11241100x8000000000000000320605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:18.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f7bd6caaf28ade62021-12-17 12:32:18.058root 11241100x8000000000000000320606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:18.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee8049a7797997262021-12-17 12:32:18.058root 11241100x8000000000000000320607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:18.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa0ddf27f08ca5662021-12-17 12:32:18.058root 11241100x8000000000000000320608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:18.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03d9c0c49f70387d2021-12-17 12:32:18.058root 11241100x8000000000000000320609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:18.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4e16570e5fdc06e2021-12-17 12:32:18.058root 11241100x8000000000000000320610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:18.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.159551b7953ad94d2021-12-17 12:32:18.059root 11241100x8000000000000000320611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:18.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62df50a684cd97692021-12-17 12:32:18.059root 11241100x8000000000000000320612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:18.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b86cf647ce093f202021-12-17 12:32:18.059root 11241100x8000000000000000320613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:18.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68439a7fcc0c45cb2021-12-17 12:32:18.059root 11241100x8000000000000000320614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:18.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02cac84c86620daf2021-12-17 12:32:18.059root 11241100x8000000000000000320615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:18.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58c3fa0139d7355a2021-12-17 12:32:18.059root 11241100x8000000000000000320616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:18.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a2f1ba8593bfc5b2021-12-17 12:32:18.059root 11241100x8000000000000000320617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:18.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f69107aa31494642021-12-17 12:32:18.059root 11241100x8000000000000000320618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:18.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60860dc6a2d940f22021-12-17 12:32:18.060root 11241100x8000000000000000320619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:18.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6756a1c17b7be0bc2021-12-17 12:32:18.060root 11241100x8000000000000000320620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:18.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b816a3c6152f165d2021-12-17 12:32:18.060root 11241100x8000000000000000320621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:18.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bd526b33764af9c2021-12-17 12:32:18.060root 11241100x8000000000000000320622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:18.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92d9dbd7cb264d642021-12-17 12:32:18.060root 11241100x8000000000000000320623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:18.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.656e3225ab66e1f92021-12-17 12:32:18.060root 11241100x8000000000000000320624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:18.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a2b9709622f148b2021-12-17 12:32:18.060root 11241100x8000000000000000320625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:18.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48b0d30d1636b9292021-12-17 12:32:18.060root 11241100x8000000000000000320626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:18.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e25d3923ffec3cf2021-12-17 12:32:18.060root 11241100x8000000000000000320627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:18.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56b4ae6226e226b42021-12-17 12:32:18.060root 11241100x8000000000000000320628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:18.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f522b0a5ca7e53d52021-12-17 12:32:18.060root 11241100x8000000000000000320629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:18.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f06bae734b1f925a2021-12-17 12:32:18.060root 11241100x8000000000000000320630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:18.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa4f428aa7df4ee32021-12-17 12:32:18.060root 11241100x8000000000000000320631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:18.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4915ef482e3be2e2021-12-17 12:32:18.557root 11241100x8000000000000000320632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:18.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89d90ce0e53d2aba2021-12-17 12:32:18.557root 11241100x8000000000000000320633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:18.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e07642cee5d5b072021-12-17 12:32:18.558root 11241100x8000000000000000320634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:18.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72e22de11b05a9c92021-12-17 12:32:18.558root 11241100x8000000000000000320635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:18.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.267f9eaf7a600d9e2021-12-17 12:32:18.558root 11241100x8000000000000000320636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:18.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fac3a8742b8407f52021-12-17 12:32:18.558root 11241100x8000000000000000320637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:18.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ebce5b4c7d5efcd2021-12-17 12:32:18.558root 11241100x8000000000000000320638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:18.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d038669ea5693a692021-12-17 12:32:18.558root 11241100x8000000000000000320639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:18.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3f05ae74a2ec9852021-12-17 12:32:18.558root 11241100x8000000000000000320640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:18.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbabf0107d8967c92021-12-17 12:32:18.558root 11241100x8000000000000000320641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:18.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fe407dd546cb22c2021-12-17 12:32:18.558root 11241100x8000000000000000320642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:18.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dee5308b81c581f22021-12-17 12:32:18.558root 11241100x8000000000000000320643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:18.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1ab00ac6c92a6a92021-12-17 12:32:18.558root 11241100x8000000000000000320644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:18.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7091053f93e68f522021-12-17 12:32:18.558root 11241100x8000000000000000320645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:18.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62b5849c521c18692021-12-17 12:32:18.558root 11241100x8000000000000000320646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:18.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10e088b1b6a83ad42021-12-17 12:32:18.559root 11241100x8000000000000000320647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:18.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.434acc68619df1382021-12-17 12:32:18.559root 11241100x8000000000000000320648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:18.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.489682b04b13273b2021-12-17 12:32:18.559root 11241100x8000000000000000320649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:18.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ad2e071c5d1e40d2021-12-17 12:32:18.559root 11241100x8000000000000000320650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:18.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c0cd77474142d022021-12-17 12:32:18.559root 11241100x8000000000000000320651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:18.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4075107a051d141c2021-12-17 12:32:18.559root 11241100x8000000000000000320652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:18.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8258586e39eaef492021-12-17 12:32:18.559root 11241100x8000000000000000320653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:18.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9401a9b0031d92fa2021-12-17 12:32:18.559root 11241100x8000000000000000320654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:18.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd33727cb44278dd2021-12-17 12:32:18.559root 11241100x8000000000000000320655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:18.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0047bfce3db54e9a2021-12-17 12:32:18.559root 11241100x8000000000000000320656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:18.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6dbd044feb577ce2021-12-17 12:32:18.559root 11241100x8000000000000000320657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:18.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89f442d748eedf9f2021-12-17 12:32:18.559root 11241100x8000000000000000320658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:18.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6595540f43c414542021-12-17 12:32:18.559root 11241100x8000000000000000320659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:18.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c204c5ae9b8937012021-12-17 12:32:18.559root 11241100x8000000000000000320660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:18.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b500d95ac4c8b8c2021-12-17 12:32:18.559root 11241100x8000000000000000320661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:18.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f62531b49beecb42021-12-17 12:32:18.560root 11241100x8000000000000000320662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:18.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69f1bc359b60fa562021-12-17 12:32:18.560root 11241100x8000000000000000320663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:19.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e05fc0ee79f8739c2021-12-17 12:32:19.057root 11241100x8000000000000000320664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:19.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15f20627160a12c42021-12-17 12:32:19.058root 11241100x8000000000000000320665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:19.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46d15ca4f9ea80932021-12-17 12:32:19.058root 11241100x8000000000000000320666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:19.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4fb60f100344b822021-12-17 12:32:19.058root 11241100x8000000000000000320667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:19.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4432e7d4b4cdf992021-12-17 12:32:19.058root 11241100x8000000000000000320668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:19.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.150ad18a053d54122021-12-17 12:32:19.058root 11241100x8000000000000000320669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:19.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.823f149d03546d3e2021-12-17 12:32:19.058root 11241100x8000000000000000320670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:19.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.231aade4c20bdc822021-12-17 12:32:19.058root 11241100x8000000000000000320671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:19.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5afa3e58702f3db12021-12-17 12:32:19.058root 11241100x8000000000000000320672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:19.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97983e3cfa7fadb92021-12-17 12:32:19.058root 11241100x8000000000000000320673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:19.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c60adae9de39d752021-12-17 12:32:19.058root 11241100x8000000000000000320674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:19.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55a4e733aa71e6c82021-12-17 12:32:19.058root 11241100x8000000000000000320675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:19.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afadf0cbcce276d02021-12-17 12:32:19.058root 11241100x8000000000000000320676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:19.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9e4d4e9d440f5e02021-12-17 12:32:19.058root 11241100x8000000000000000320677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:19.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a198241e2896c432021-12-17 12:32:19.058root 11241100x8000000000000000320678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:19.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e24c408daee75432021-12-17 12:32:19.059root 11241100x8000000000000000320679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:19.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.657b1664944b3f5e2021-12-17 12:32:19.059root 11241100x8000000000000000320680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:19.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.006402e8a8760a8d2021-12-17 12:32:19.059root 11241100x8000000000000000320681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:19.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0afc12ad28828842021-12-17 12:32:19.059root 11241100x8000000000000000320682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:19.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99c173c5966453ef2021-12-17 12:32:19.059root 11241100x8000000000000000320683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:19.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63ceedca7570b3ff2021-12-17 12:32:19.059root 11241100x8000000000000000320684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:19.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14e51c5b7b55a3832021-12-17 12:32:19.059root 11241100x8000000000000000320685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:19.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4702c3b92944f3892021-12-17 12:32:19.059root 11241100x8000000000000000320686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:19.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be578840da2bcb162021-12-17 12:32:19.059root 11241100x8000000000000000320687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:19.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1ed8d29effb7a2b2021-12-17 12:32:19.059root 11241100x8000000000000000320688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:19.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c91567af18095d62021-12-17 12:32:19.060root 11241100x8000000000000000320689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:19.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9617a3e0a0f3427b2021-12-17 12:32:19.060root 11241100x8000000000000000320690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:19.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a974d60f3ffcdba2021-12-17 12:32:19.060root 11241100x8000000000000000320691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:19.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3373d48a2b1197d32021-12-17 12:32:19.060root 11241100x8000000000000000320692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:19.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ebd1ae03719a8232021-12-17 12:32:19.060root 11241100x8000000000000000320693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:19.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d81f35d0770ed6b2021-12-17 12:32:19.060root 11241100x8000000000000000320694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:19.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2873acb2bc02e4932021-12-17 12:32:19.060root 354300x8000000000000000320695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:19.143{ec28ba6a-70a3-61bc-5175-3a0400000000}5248/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-44528-false10.0.1.12-8000- 11241100x8000000000000000320696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:19.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.322b5bc11472f1ff2021-12-17 12:32:19.557root 11241100x8000000000000000320697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:19.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8587fda2e594850f2021-12-17 12:32:19.558root 11241100x8000000000000000320698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:19.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0d5e7851e8558692021-12-17 12:32:19.558root 11241100x8000000000000000320699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:19.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36f65128cead9dae2021-12-17 12:32:19.558root 11241100x8000000000000000320700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:19.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20f2645995a1e70c2021-12-17 12:32:19.558root 11241100x8000000000000000320701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:19.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.136c3e005c041a422021-12-17 12:32:19.558root 11241100x8000000000000000320702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:19.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdb2c55e2b3c21362021-12-17 12:32:19.558root 11241100x8000000000000000320703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:19.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d61466d3de9881892021-12-17 12:32:19.558root 11241100x8000000000000000320704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:19.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0a4f47d7f2678fb2021-12-17 12:32:19.558root 11241100x8000000000000000320705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:19.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7b02f994d3492852021-12-17 12:32:19.558root 11241100x8000000000000000320706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:19.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b825062d2fa85b832021-12-17 12:32:19.558root 11241100x8000000000000000320707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:19.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a592103fea285ff2021-12-17 12:32:19.558root 11241100x8000000000000000320708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:19.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86292d7913a5902b2021-12-17 12:32:19.559root 11241100x8000000000000000320709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:19.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d35be4c8477175592021-12-17 12:32:19.559root 11241100x8000000000000000320710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:19.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3598c3cacafda8f2021-12-17 12:32:19.559root 11241100x8000000000000000320711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:19.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.603c9a84c8ac6bf32021-12-17 12:32:19.559root 11241100x8000000000000000320712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:19.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5d7f382852bc7362021-12-17 12:32:19.559root 11241100x8000000000000000320713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:19.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.167637fdc7ba63732021-12-17 12:32:19.559root 11241100x8000000000000000320714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:19.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1161ccc2d4ae7fce2021-12-17 12:32:19.559root 11241100x8000000000000000320715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:19.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c718a7ab64362962021-12-17 12:32:19.559root 11241100x8000000000000000320716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:19.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.314cf83a6f8a612f2021-12-17 12:32:19.559root 11241100x8000000000000000320717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:19.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04a883913738ebdf2021-12-17 12:32:19.559root 11241100x8000000000000000320718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:19.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.022221c46ae8dba22021-12-17 12:32:19.560root 11241100x8000000000000000320719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:19.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.769189fc407378072021-12-17 12:32:19.560root 11241100x8000000000000000320720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:19.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01314965eeabeb6e2021-12-17 12:32:19.560root 11241100x8000000000000000320721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:19.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7480ee6b591dc2182021-12-17 12:32:19.560root 11241100x8000000000000000320722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:19.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90488cf03f1bbbbe2021-12-17 12:32:19.560root 11241100x8000000000000000320723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:19.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dab51c5a584c5952021-12-17 12:32:19.560root 11241100x8000000000000000320724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:19.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ba3e1dcf31eca862021-12-17 12:32:19.560root 11241100x8000000000000000320725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:19.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.749e2fb6d4aa891c2021-12-17 12:32:19.560root 11241100x8000000000000000320726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:19.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21e6cea8c9f90c332021-12-17 12:32:19.560root 11241100x8000000000000000320727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:19.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eae3aa7a2bfbeb52021-12-17 12:32:19.560root 11241100x8000000000000000320728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:19.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5c46e8442998cc82021-12-17 12:32:19.560root 11241100x8000000000000000320729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:20.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.909a70abe9e2a24a2021-12-17 12:32:20.057root 11241100x8000000000000000320730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:20.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd6f0b18d21d200a2021-12-17 12:32:20.058root 11241100x8000000000000000320731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:20.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba6e767cbbd6303e2021-12-17 12:32:20.058root 11241100x8000000000000000320732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:20.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.274682b5aefcc9132021-12-17 12:32:20.058root 11241100x8000000000000000320733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:20.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.778f91aac39dca6d2021-12-17 12:32:20.058root 11241100x8000000000000000320734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:20.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97e3531c70a02c622021-12-17 12:32:20.058root 11241100x8000000000000000320735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:20.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fc1b5cb889c3ac12021-12-17 12:32:20.058root 11241100x8000000000000000320736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:20.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6892d0540776113b2021-12-17 12:32:20.058root 11241100x8000000000000000320737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:20.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.888a7eff6a3fab9e2021-12-17 12:32:20.058root 11241100x8000000000000000320738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:20.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f013b74f2c2fd302021-12-17 12:32:20.058root 11241100x8000000000000000320739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:20.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c5227ac9acc91212021-12-17 12:32:20.058root 11241100x8000000000000000320740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:20.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78e4b567aa2305ce2021-12-17 12:32:20.059root 11241100x8000000000000000320741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:20.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13fc9f43773318f02021-12-17 12:32:20.059root 11241100x8000000000000000320742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:20.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b2b66ecb80089b32021-12-17 12:32:20.059root 11241100x8000000000000000320743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:20.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.416ca75a92de3a0a2021-12-17 12:32:20.059root 11241100x8000000000000000320744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:20.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6070f4b34744ce62021-12-17 12:32:20.059root 11241100x8000000000000000320745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:20.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b6cb99622f0f2532021-12-17 12:32:20.059root 11241100x8000000000000000320746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:20.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df2d29cf4e91894d2021-12-17 12:32:20.059root 11241100x8000000000000000320747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:20.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac7655cc59c2c04e2021-12-17 12:32:20.059root 11241100x8000000000000000320748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:20.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afb75f2da3d252b82021-12-17 12:32:20.059root 11241100x8000000000000000320749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:20.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fd28c201ca507292021-12-17 12:32:20.059root 11241100x8000000000000000320750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:20.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dddd5b327746ed72021-12-17 12:32:20.059root 11241100x8000000000000000320751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:20.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d09b09fa52f502562021-12-17 12:32:20.060root 11241100x8000000000000000320752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:20.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4bfb62c4a6f05a82021-12-17 12:32:20.060root 11241100x8000000000000000320753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:20.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c28965071d4f6202021-12-17 12:32:20.060root 11241100x8000000000000000320754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:20.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfb8836c58c37d5c2021-12-17 12:32:20.060root 11241100x8000000000000000320755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:20.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.665e3912c307d6322021-12-17 12:32:20.060root 11241100x8000000000000000320756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:20.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.623b4a086b8c48d62021-12-17 12:32:20.060root 11241100x8000000000000000320757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:20.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a334a69d8a6936d62021-12-17 12:32:20.060root 11241100x8000000000000000320758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:20.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b383a1c82263a1e2021-12-17 12:32:20.060root 11241100x8000000000000000320759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:20.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dc0d45ad077958c2021-12-17 12:32:20.060root 11241100x8000000000000000320760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:20.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.576f9457fb7188392021-12-17 12:32:20.060root 11241100x8000000000000000320761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:20.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b3859ebc8f5b4e22021-12-17 12:32:20.061root 11241100x8000000000000000320762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:20.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eee88aa2a9d696d2021-12-17 12:32:20.557root 11241100x8000000000000000320763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:20.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fd2c031aeaa109c2021-12-17 12:32:20.558root 11241100x8000000000000000320764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:20.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d6182ea917d50182021-12-17 12:32:20.558root 11241100x8000000000000000320765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:20.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a433556d935f82c02021-12-17 12:32:20.558root 11241100x8000000000000000320766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:20.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87bcfba0c930e4932021-12-17 12:32:20.558root 11241100x8000000000000000320767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:20.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5898d34b00a28802021-12-17 12:32:20.558root 11241100x8000000000000000320768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:20.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f49449be49aa8482021-12-17 12:32:20.558root 11241100x8000000000000000320769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:20.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5addbee8e9314692021-12-17 12:32:20.558root 11241100x8000000000000000320770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:20.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b22d35949e119662021-12-17 12:32:20.558root 11241100x8000000000000000320771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:20.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac4ee517cfa4c4392021-12-17 12:32:20.558root 11241100x8000000000000000320772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:20.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24c5891da9b51bcf2021-12-17 12:32:20.558root 11241100x8000000000000000320773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:20.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b233d585a0b5af82021-12-17 12:32:20.558root 11241100x8000000000000000320774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:20.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd49b826f7b00e892021-12-17 12:32:20.559root 11241100x8000000000000000320775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:20.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcc033597648caae2021-12-17 12:32:20.559root 11241100x8000000000000000320776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:20.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.930983065c8c430c2021-12-17 12:32:20.559root 11241100x8000000000000000320777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:20.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c7c55344f67e8042021-12-17 12:32:20.559root 11241100x8000000000000000320778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:20.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3596df44041d01b22021-12-17 12:32:20.559root 11241100x8000000000000000320779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:20.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e6a372a51c7f8ad2021-12-17 12:32:20.559root 11241100x8000000000000000320780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:20.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2100f351de89bef72021-12-17 12:32:20.559root 11241100x8000000000000000320781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:20.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.397fdd7542a991e82021-12-17 12:32:20.559root 11241100x8000000000000000320782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:20.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61b56144c60f85b22021-12-17 12:32:20.559root 11241100x8000000000000000320783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:20.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c4fed9fb8ae6ae32021-12-17 12:32:20.559root 11241100x8000000000000000320784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:20.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72d19b77362192952021-12-17 12:32:20.560root 11241100x8000000000000000320785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:20.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9aa9e97677648b82021-12-17 12:32:20.560root 11241100x8000000000000000320786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:20.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88d38c21a798a93b2021-12-17 12:32:20.560root 11241100x8000000000000000320787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:20.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4de4d077629257f2021-12-17 12:32:20.560root 11241100x8000000000000000320788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:20.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec8311d61bda6f5b2021-12-17 12:32:20.560root 11241100x8000000000000000320789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:20.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8758652d080632b2021-12-17 12:32:20.560root 11241100x8000000000000000320790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:20.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4c2d0a722bd34d92021-12-17 12:32:20.560root 11241100x8000000000000000320791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:20.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ae4ceeb02aaa1f32021-12-17 12:32:20.561root 11241100x8000000000000000320792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:20.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb2bc6248c73e1302021-12-17 12:32:20.561root 11241100x8000000000000000320793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:20.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e58d3211167bccee2021-12-17 12:32:20.561root 11241100x8000000000000000320794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:20.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b819123344da26ed2021-12-17 12:32:20.561root 11241100x8000000000000000320795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:21.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8fca04b867e088a2021-12-17 12:32:21.058root 11241100x8000000000000000320796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:21.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99bc9fac4ea8c3462021-12-17 12:32:21.058root 11241100x8000000000000000320797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:21.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.525301ff3288fa272021-12-17 12:32:21.058root 11241100x8000000000000000320798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:21.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b1d12aea7b3bb2c2021-12-17 12:32:21.058root 11241100x8000000000000000320799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:21.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de753c4548ef9f402021-12-17 12:32:21.058root 11241100x8000000000000000320800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:21.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b870ad5285c92dc52021-12-17 12:32:21.058root 11241100x8000000000000000320801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:21.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cb6c76961c905332021-12-17 12:32:21.058root 11241100x8000000000000000320802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:21.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fd1d751d93013b92021-12-17 12:32:21.058root 11241100x8000000000000000320803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:21.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01355f1ad98327012021-12-17 12:32:21.058root 11241100x8000000000000000320804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:21.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.443beb7d8a2f083e2021-12-17 12:32:21.059root 11241100x8000000000000000320805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:21.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ac7488dbdc22f1f2021-12-17 12:32:21.059root 11241100x8000000000000000320806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:21.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aadbf9ca11b2e912021-12-17 12:32:21.059root 11241100x8000000000000000320807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:21.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a85ec22b150f50a02021-12-17 12:32:21.059root 11241100x8000000000000000320808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:21.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8d7a7d5e76c01a92021-12-17 12:32:21.059root 11241100x8000000000000000320809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:21.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc854cbabfda8e002021-12-17 12:32:21.059root 11241100x8000000000000000320810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:21.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c6fa706d1ecb49e2021-12-17 12:32:21.059root 11241100x8000000000000000320811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:21.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e49fe777b88deec2021-12-17 12:32:21.059root 11241100x8000000000000000320812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:21.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3756514acd46dbd2021-12-17 12:32:21.059root 11241100x8000000000000000320813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:21.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba917d01d9b731452021-12-17 12:32:21.060root 11241100x8000000000000000320814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:21.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec56601bb9f90d5c2021-12-17 12:32:21.060root 11241100x8000000000000000320815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:21.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.541bd43272c9dd0e2021-12-17 12:32:21.060root 11241100x8000000000000000320816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:21.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3728ae0f9b7f1f4e2021-12-17 12:32:21.060root 11241100x8000000000000000320817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:21.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a8a8674756cd9022021-12-17 12:32:21.060root 11241100x8000000000000000320818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:21.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fe35120f6b039c22021-12-17 12:32:21.060root 11241100x8000000000000000320819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:21.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d5e2dcd97768e5c2021-12-17 12:32:21.060root 11241100x8000000000000000320820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:21.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21bce90dfcde97e22021-12-17 12:32:21.060root 11241100x8000000000000000320821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:21.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b5fcbcb114f994c2021-12-17 12:32:21.060root 11241100x8000000000000000320822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:21.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50439237fab2acba2021-12-17 12:32:21.060root 11241100x8000000000000000320823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:21.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2420fad7b64db63d2021-12-17 12:32:21.060root 11241100x8000000000000000320824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:21.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25a70163dcd1e48f2021-12-17 12:32:21.061root 11241100x8000000000000000320825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:21.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fec4661c6e38072b2021-12-17 12:32:21.061root 11241100x8000000000000000320826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:21.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fa538c1557c75592021-12-17 12:32:21.061root 11241100x8000000000000000320827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:21.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3aa287916839f1f2021-12-17 12:32:21.061root 11241100x8000000000000000320828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:21.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5752016bebc18b492021-12-17 12:32:21.557root 11241100x8000000000000000320829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:21.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f14b7dda0e23d1892021-12-17 12:32:21.558root 11241100x8000000000000000320830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:21.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df298d06633722562021-12-17 12:32:21.558root 11241100x8000000000000000320831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:21.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a14d5d30e244bdf52021-12-17 12:32:21.558root 11241100x8000000000000000320832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:21.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f88be4f34db29872021-12-17 12:32:21.558root 11241100x8000000000000000320833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:21.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28657a8beeee51362021-12-17 12:32:21.558root 11241100x8000000000000000320834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:21.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43d5c4f0b30c85c32021-12-17 12:32:21.558root 11241100x8000000000000000320835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:21.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98495a32d1d6f5da2021-12-17 12:32:21.558root 11241100x8000000000000000320836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:21.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.954f2b21764a061a2021-12-17 12:32:21.558root 11241100x8000000000000000320837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:21.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51f075a7ae81788e2021-12-17 12:32:21.558root 11241100x8000000000000000320838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:21.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e717b9347d0dd402021-12-17 12:32:21.558root 11241100x8000000000000000320839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:21.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.531be0161d3abf5b2021-12-17 12:32:21.559root 11241100x8000000000000000320840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:21.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb82340fc44020142021-12-17 12:32:21.559root 11241100x8000000000000000320841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:21.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f19026f4186f8f7b2021-12-17 12:32:21.559root 11241100x8000000000000000320842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:21.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c95729bc72b414a12021-12-17 12:32:21.559root 11241100x8000000000000000320843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:21.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5147dae5e82bd11f2021-12-17 12:32:21.559root 11241100x8000000000000000320844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:21.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ad7e59a72d094342021-12-17 12:32:21.559root 11241100x8000000000000000320845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:21.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23ba1590c37af4032021-12-17 12:32:21.559root 11241100x8000000000000000320846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:21.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cce7f7cf527a49922021-12-17 12:32:21.559root 11241100x8000000000000000320847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:21.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff4fc919ff25ae9f2021-12-17 12:32:21.559root 11241100x8000000000000000320848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:21.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51e92fd2e8640e022021-12-17 12:32:21.559root 11241100x8000000000000000320849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:21.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15ceab4306ee968c2021-12-17 12:32:21.560root 11241100x8000000000000000320850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:21.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.756e5b71ba7a99232021-12-17 12:32:21.560root 11241100x8000000000000000320851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:21.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fc8a78e5bf3a60d2021-12-17 12:32:21.560root 11241100x8000000000000000320852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:21.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.412030de288617b22021-12-17 12:32:21.560root 11241100x8000000000000000320853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:21.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c9de4f2bb648bad2021-12-17 12:32:21.560root 11241100x8000000000000000320854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:21.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26935ac2498ec7012021-12-17 12:32:21.560root 11241100x8000000000000000320855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:21.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e31ac116dfc776082021-12-17 12:32:21.560root 11241100x8000000000000000320856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:21.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49ddc430abc2f4072021-12-17 12:32:21.561root 11241100x8000000000000000320857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:21.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3413dd722d9cbab22021-12-17 12:32:21.561root 11241100x8000000000000000320858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:21.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02f36b2d4b8a42342021-12-17 12:32:21.561root 11241100x8000000000000000320859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:21.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.029c7c4692bd21bb2021-12-17 12:32:21.561root 11241100x8000000000000000320860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:21.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d2fcb291c7145462021-12-17 12:32:21.561root 154100x8000000000000000320861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:21.619{ec28ba6a-8355-61bc-68d4-c7065c550000}9587/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec28ba6a-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2255--- 534500x8000000000000000320862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:21.632{ec28ba6a-8355-61bc-68d4-c7065c550000}9587/bin/psroot 11241100x8000000000000000320863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:22.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d39f393f64f114ce2021-12-17 12:32:22.058root 11241100x8000000000000000320864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:22.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6467309721f5ed82021-12-17 12:32:22.058root 11241100x8000000000000000320865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:22.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5a23e756f58f3002021-12-17 12:32:22.058root 11241100x8000000000000000320866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:22.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ef6b35bdce942ff2021-12-17 12:32:22.058root 11241100x8000000000000000320867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:22.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b91ede953c60a9d2021-12-17 12:32:22.058root 11241100x8000000000000000320868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:22.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.957a5dddce917d6c2021-12-17 12:32:22.058root 11241100x8000000000000000320869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:22.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9216d58bada82abe2021-12-17 12:32:22.058root 11241100x8000000000000000320870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:22.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28dec6d5b6fe66812021-12-17 12:32:22.058root 11241100x8000000000000000320871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:22.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e78dea782cfb9df2021-12-17 12:32:22.059root 11241100x8000000000000000320872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:22.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.527ed7a37b07501c2021-12-17 12:32:22.059root 11241100x8000000000000000320873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:22.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04b7184d2fcdc0f32021-12-17 12:32:22.059root 11241100x8000000000000000320874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:22.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c28a7516b0706d12021-12-17 12:32:22.059root 11241100x8000000000000000320875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:22.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8df66ffdb90be1a2021-12-17 12:32:22.059root 11241100x8000000000000000320876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:22.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a6156d3e34d2c5d2021-12-17 12:32:22.059root 11241100x8000000000000000320877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:22.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c1734fd51cece252021-12-17 12:32:22.059root 11241100x8000000000000000320878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:22.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a88e3e0b7f62a1872021-12-17 12:32:22.059root 11241100x8000000000000000320879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:22.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1912bf54dd9f69222021-12-17 12:32:22.059root 11241100x8000000000000000320880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:22.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8890dda4e1fe25d22021-12-17 12:32:22.060root 11241100x8000000000000000320881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:22.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d77396d3285dbf802021-12-17 12:32:22.060root 11241100x8000000000000000320882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:22.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8a8087ac913695f2021-12-17 12:32:22.060root 11241100x8000000000000000320883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:22.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.812c04900ae2d56e2021-12-17 12:32:22.061root 11241100x8000000000000000320884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:22.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0cc21edd587cd332021-12-17 12:32:22.061root 11241100x8000000000000000320885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:22.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ca46dbc921f41582021-12-17 12:32:22.061root 11241100x8000000000000000320886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:22.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e50ef2ebc4261d822021-12-17 12:32:22.061root 11241100x8000000000000000320887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:22.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6123222fc21f64212021-12-17 12:32:22.061root 11241100x8000000000000000320888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:22.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8bfc7fc3b607bda2021-12-17 12:32:22.061root 11241100x8000000000000000320889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:22.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecae0304f264b9362021-12-17 12:32:22.061root 11241100x8000000000000000320890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:22.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd375ef50e6e68d62021-12-17 12:32:22.061root 11241100x8000000000000000320891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:22.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06e31b2894b408662021-12-17 12:32:22.061root 11241100x8000000000000000320892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:22.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c4586c3c8c8cafb2021-12-17 12:32:22.062root 11241100x8000000000000000320893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:22.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7af70318c84374fe2021-12-17 12:32:22.062root 11241100x8000000000000000320894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:22.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bea18ff97d3bfd762021-12-17 12:32:22.062root 11241100x8000000000000000320895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:22.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ad21e814c32767b2021-12-17 12:32:22.062root 11241100x8000000000000000320896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:22.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72edecb41de26da32021-12-17 12:32:22.062root 11241100x8000000000000000320897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:22.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71da5731c348b1da2021-12-17 12:32:22.062root 11241100x8000000000000000320898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:22.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f57ce031a3edb5952021-12-17 12:32:22.558root 11241100x8000000000000000320899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:22.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4e88263cbc340c82021-12-17 12:32:22.558root 11241100x8000000000000000320900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:22.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.039c8fed77ee1c552021-12-17 12:32:22.558root 11241100x8000000000000000320901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:22.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fa19d404967aa6c2021-12-17 12:32:22.558root 11241100x8000000000000000320902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:22.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a14af1576a9e839e2021-12-17 12:32:22.558root 11241100x8000000000000000320903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:22.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9c2b368d917016b2021-12-17 12:32:22.558root 11241100x8000000000000000320904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:22.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0e210420c0629932021-12-17 12:32:22.558root 11241100x8000000000000000320905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:22.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed0bb819157b76642021-12-17 12:32:22.558root 11241100x8000000000000000320906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:22.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe2f3d879e8491b82021-12-17 12:32:22.558root 11241100x8000000000000000320907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:22.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4f705ea43f2277c2021-12-17 12:32:22.559root 11241100x8000000000000000320908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:22.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2dc31bea0222fbe2021-12-17 12:32:22.559root 11241100x8000000000000000320909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:22.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.990ce5c42843ae902021-12-17 12:32:22.559root 11241100x8000000000000000320910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:22.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3cd728f400814312021-12-17 12:32:22.559root 11241100x8000000000000000320911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:22.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8ee64788b50eeeb2021-12-17 12:32:22.559root 11241100x8000000000000000320912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:22.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45a741dff032400a2021-12-17 12:32:22.559root 11241100x8000000000000000320913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:22.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f41ada9940e3f512021-12-17 12:32:22.559root 11241100x8000000000000000320914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:22.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1277e42d66457872021-12-17 12:32:22.559root 11241100x8000000000000000320915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:22.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f48161f03c9c95f32021-12-17 12:32:22.559root 11241100x8000000000000000320916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:22.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f905056e1a750612021-12-17 12:32:22.560root 11241100x8000000000000000320917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:22.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36894854d615f1532021-12-17 12:32:22.560root 11241100x8000000000000000320918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:22.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5633dd97ed3dab42021-12-17 12:32:22.560root 11241100x8000000000000000320919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:22.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ec68d10aad618432021-12-17 12:32:22.560root 11241100x8000000000000000320920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:22.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c513dfcda843be322021-12-17 12:32:22.560root 11241100x8000000000000000320921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:22.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0fa2d171c1393622021-12-17 12:32:22.560root 11241100x8000000000000000320922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:22.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55f7323d505b76d32021-12-17 12:32:22.560root 11241100x8000000000000000320923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:22.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d86ca1e311526bc2021-12-17 12:32:22.560root 11241100x8000000000000000320924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:22.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.795a823994df471b2021-12-17 12:32:22.560root 11241100x8000000000000000320925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:22.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76ea83ec001083452021-12-17 12:32:22.560root 11241100x8000000000000000320926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:22.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb356c0bb32bd8522021-12-17 12:32:22.561root 11241100x8000000000000000320927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:22.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aaa07ab1f5a117f2021-12-17 12:32:22.561root 11241100x8000000000000000320928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:22.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1ccba23bc5e1e902021-12-17 12:32:22.561root 11241100x8000000000000000320929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:22.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1d04278fbe4fb8b2021-12-17 12:32:22.561root 11241100x8000000000000000320930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:22.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb76a0dcc2c0aabd2021-12-17 12:32:22.561root 11241100x8000000000000000320931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:22.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b844fceac36d06a52021-12-17 12:32:22.561root 11241100x8000000000000000320932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:22.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a5d254e192559c42021-12-17 12:32:22.561root 11241100x8000000000000000320933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:23.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9688276b7bb9b1002021-12-17 12:32:23.057root 11241100x8000000000000000320934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:23.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a48a69c408876cf2021-12-17 12:32:23.058root 11241100x8000000000000000320935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:23.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa7e343d7a05086b2021-12-17 12:32:23.058root 11241100x8000000000000000320936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:23.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.048d2a7a507e87a02021-12-17 12:32:23.058root 11241100x8000000000000000320937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:23.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.225c6bda94a5e6fb2021-12-17 12:32:23.058root 11241100x8000000000000000320938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:23.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.729ae7a96fefdc532021-12-17 12:32:23.058root 11241100x8000000000000000320939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:23.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5b01c6f63b460cb2021-12-17 12:32:23.058root 11241100x8000000000000000320940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:23.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abf25992cf3d8d912021-12-17 12:32:23.058root 11241100x8000000000000000320941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:23.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86d158bdab2e5f602021-12-17 12:32:23.058root 11241100x8000000000000000320942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:23.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.904c1794d0d7cf272021-12-17 12:32:23.058root 11241100x8000000000000000320943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:23.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33a15805b020cafa2021-12-17 12:32:23.058root 11241100x8000000000000000320944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:23.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dae875923a1fb5a02021-12-17 12:32:23.059root 11241100x8000000000000000320945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:23.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20bc122276418a002021-12-17 12:32:23.059root 11241100x8000000000000000320946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:23.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bde56810cd486cc92021-12-17 12:32:23.059root 11241100x8000000000000000320947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:23.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e273605fe0bc95f2021-12-17 12:32:23.059root 11241100x8000000000000000320948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:23.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38629d92495596332021-12-17 12:32:23.059root 11241100x8000000000000000320949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:23.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8557d0ac4202f7f2021-12-17 12:32:23.059root 11241100x8000000000000000320950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:23.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a121107b41c6847c2021-12-17 12:32:23.059root 11241100x8000000000000000320951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:23.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22cc139512cd5bcb2021-12-17 12:32:23.059root 11241100x8000000000000000320952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:23.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.412992ddbc54a2b12021-12-17 12:32:23.059root 11241100x8000000000000000320953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:23.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92961a5a463dd8872021-12-17 12:32:23.059root 11241100x8000000000000000320954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:23.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32ffd89759c4a4a92021-12-17 12:32:23.059root 11241100x8000000000000000320955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:23.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99f811f83394dd942021-12-17 12:32:23.060root 11241100x8000000000000000320956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:23.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea2de65b715159752021-12-17 12:32:23.060root 11241100x8000000000000000320957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:23.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec9b93959d5234d52021-12-17 12:32:23.060root 11241100x8000000000000000320958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:23.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cd5cff2a25af1402021-12-17 12:32:23.060root 11241100x8000000000000000320959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:23.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73cf046d5716b5482021-12-17 12:32:23.060root 11241100x8000000000000000320960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:23.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3b40cb7d87fa0542021-12-17 12:32:23.060root 11241100x8000000000000000320961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:23.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a74b23f020f680042021-12-17 12:32:23.060root 11241100x8000000000000000320962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:23.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d15ba7e146e6c66b2021-12-17 12:32:23.060root 11241100x8000000000000000320963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:23.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a73bc0ea3b7ff1542021-12-17 12:32:23.060root 11241100x8000000000000000320964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:23.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.802e257b85cc9a4a2021-12-17 12:32:23.061root 11241100x8000000000000000320965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:23.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daff529d8ba29fa62021-12-17 12:32:23.061root 11241100x8000000000000000320966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:23.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.600c5aed71dbdd152021-12-17 12:32:23.061root 11241100x8000000000000000320967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:23.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1705ec0846b5a5362021-12-17 12:32:23.061root 11241100x8000000000000000320968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:23.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e06197208254a6892021-12-17 12:32:23.557root 11241100x8000000000000000320969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:23.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf6ed437b02c1e252021-12-17 12:32:23.558root 11241100x8000000000000000320970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:23.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4737a286038498ce2021-12-17 12:32:23.558root 11241100x8000000000000000320971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:23.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff017a04138ff2f92021-12-17 12:32:23.558root 11241100x8000000000000000320972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:23.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c2da387e969716d2021-12-17 12:32:23.558root 11241100x8000000000000000320973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:23.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6158ef95a48c61f82021-12-17 12:32:23.558root 11241100x8000000000000000320974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:23.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dacd859fc3a39d462021-12-17 12:32:23.558root 11241100x8000000000000000320975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:23.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e999c45d8247ac72021-12-17 12:32:23.558root 11241100x8000000000000000320976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:23.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a1e5a8ea22b60972021-12-17 12:32:23.558root 11241100x8000000000000000320977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:23.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eec8856fe28373d92021-12-17 12:32:23.558root 11241100x8000000000000000320978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:23.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e647fefe68c19432021-12-17 12:32:23.558root 11241100x8000000000000000320979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:23.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4935f9ff687eb892021-12-17 12:32:23.559root 11241100x8000000000000000320980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:23.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b7da210df24f2aa2021-12-17 12:32:23.559root 11241100x8000000000000000320981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:23.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da1c4105fcd1acac2021-12-17 12:32:23.559root 11241100x8000000000000000320982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:23.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04510912543ad63c2021-12-17 12:32:23.559root 11241100x8000000000000000320983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:23.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62c068bc2636c9642021-12-17 12:32:23.559root 11241100x8000000000000000320984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:23.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19ddea1af36f3c4f2021-12-17 12:32:23.559root 11241100x8000000000000000320985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:23.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16b50a3da08e35b82021-12-17 12:32:23.559root 11241100x8000000000000000320986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:23.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc98dbe5b9bdec5f2021-12-17 12:32:23.559root 11241100x8000000000000000320987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:23.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59f245f20fcba2832021-12-17 12:32:23.559root 11241100x8000000000000000320988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:23.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24b666bc5035f42f2021-12-17 12:32:23.559root 11241100x8000000000000000320989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:23.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c15c51ac0f5a1532021-12-17 12:32:23.559root 11241100x8000000000000000320990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:23.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f415646a4644ec72021-12-17 12:32:23.559root 11241100x8000000000000000320991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:23.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d9c799c55652d792021-12-17 12:32:23.559root 11241100x8000000000000000320992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:23.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c39ce64dc9c0bde92021-12-17 12:32:23.559root 11241100x8000000000000000320993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:23.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ec52faf2ef502ed2021-12-17 12:32:23.559root 11241100x8000000000000000320994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:23.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9ecbc8aa05fd9852021-12-17 12:32:23.560root 11241100x8000000000000000320995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:23.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3febdeec808da4612021-12-17 12:32:23.560root 11241100x8000000000000000320996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:23.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43c01c235bb2eec52021-12-17 12:32:23.560root 11241100x8000000000000000320997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:23.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66e125083023c5de2021-12-17 12:32:23.560root 11241100x8000000000000000320998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:23.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.552d9a1ec1946e502021-12-17 12:32:23.560root 11241100x8000000000000000320999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:23.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52758f26c4a615eb2021-12-17 12:32:23.560root 11241100x8000000000000000321000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:23.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c68749d0a7ab63842021-12-17 12:32:23.560root 11241100x8000000000000000321001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:23.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da788c964dc0b5362021-12-17 12:32:23.560root 11241100x8000000000000000321002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:23.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd07b62c500f6ee12021-12-17 12:32:23.560root 11241100x8000000000000000321003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:24.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa28c2b7fe746fbd2021-12-17 12:32:24.058root 11241100x8000000000000000321004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:24.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f61b4b45b79f89e32021-12-17 12:32:24.058root 11241100x8000000000000000321005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:24.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84529d8ac3ad67bb2021-12-17 12:32:24.058root 11241100x8000000000000000321006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:24.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0f3559dfe784e7d2021-12-17 12:32:24.058root 11241100x8000000000000000321007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:24.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca4a8e1024c7c7eb2021-12-17 12:32:24.058root 11241100x8000000000000000321008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:24.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.876e599ca8f25f172021-12-17 12:32:24.058root 11241100x8000000000000000321009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:24.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b92fc731f50711cf2021-12-17 12:32:24.058root 11241100x8000000000000000321010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:24.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.507d9f63b9a68f462021-12-17 12:32:24.058root 11241100x8000000000000000321011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:24.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72337b0441c212992021-12-17 12:32:24.058root 11241100x8000000000000000321012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:24.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3742afee25e0c712021-12-17 12:32:24.058root 11241100x8000000000000000321013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:24.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2f5f81affd862b92021-12-17 12:32:24.058root 11241100x8000000000000000321014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:24.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a9d844e1fd243322021-12-17 12:32:24.059root 11241100x8000000000000000321015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:24.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a34013c4810610ae2021-12-17 12:32:24.059root 11241100x8000000000000000321016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:24.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1107d9ee56be75f2021-12-17 12:32:24.059root 11241100x8000000000000000321017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:24.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff83fbbf05ebc7352021-12-17 12:32:24.059root 11241100x8000000000000000321018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:24.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7846c62372359da2021-12-17 12:32:24.059root 11241100x8000000000000000321019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:24.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e89cce3b5aa08992021-12-17 12:32:24.059root 11241100x8000000000000000321020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:24.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f1bf9d22d0fd2ca2021-12-17 12:32:24.059root 11241100x8000000000000000321021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:24.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2c5e9462b0523d92021-12-17 12:32:24.059root 11241100x8000000000000000321022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:24.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b457bb9443f8d7e2021-12-17 12:32:24.059root 11241100x8000000000000000321023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:24.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e69ee0dd48c1a172021-12-17 12:32:24.059root 11241100x8000000000000000321024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:24.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ddefc6a41ee6c4c2021-12-17 12:32:24.060root 11241100x8000000000000000321025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:24.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a354d8c1b7a69332021-12-17 12:32:24.060root 11241100x8000000000000000321026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:24.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdd0849630d4a1ce2021-12-17 12:32:24.060root 11241100x8000000000000000321027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:24.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.341c6c64a0fb9ac82021-12-17 12:32:24.060root 11241100x8000000000000000321028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:24.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f095ef4a3c052602021-12-17 12:32:24.060root 11241100x8000000000000000321029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:24.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c3e4e9aafaea1922021-12-17 12:32:24.060root 11241100x8000000000000000321030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:24.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3234999aa8512f022021-12-17 12:32:24.060root 11241100x8000000000000000321031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:24.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c624842d6409095f2021-12-17 12:32:24.060root 11241100x8000000000000000321032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:24.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.559904580971aa052021-12-17 12:32:24.061root 11241100x8000000000000000321033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:24.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b27e43c36f7e39ef2021-12-17 12:32:24.061root 11241100x8000000000000000321034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:24.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b6b701ae9f9fee22021-12-17 12:32:24.061root 11241100x8000000000000000321035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:24.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01e4eb9e5b7c4f602021-12-17 12:32:24.061root 11241100x8000000000000000321036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:24.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47d1c94fde24a2442021-12-17 12:32:24.061root 11241100x8000000000000000321037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:24.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ad66c6184272e7d2021-12-17 12:32:24.061root 354300x8000000000000000321038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:24.225{ec28ba6a-70a3-61bc-5175-3a0400000000}5248/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-44530-false10.0.1.12-8000- 11241100x8000000000000000321039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:24.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cff065bf00de73a2021-12-17 12:32:24.558root 11241100x8000000000000000321040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:24.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4db8c28fd6312232021-12-17 12:32:24.558root 11241100x8000000000000000321041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:24.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd42f5599f64a4b52021-12-17 12:32:24.558root 11241100x8000000000000000321042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:24.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df888ecd39159d662021-12-17 12:32:24.558root 11241100x8000000000000000321043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:24.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbea929e5710940a2021-12-17 12:32:24.558root 11241100x8000000000000000321044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:24.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeec443ed4c8cffa2021-12-17 12:32:24.560root 11241100x8000000000000000321045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:24.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.862e48463d6993082021-12-17 12:32:24.560root 11241100x8000000000000000321046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:24.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b37cb4ddcd767aa2021-12-17 12:32:24.560root 11241100x8000000000000000321047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:24.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.870147f8fa59d8f32021-12-17 12:32:24.560root 11241100x8000000000000000321048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:24.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b47d77e4ccb398862021-12-17 12:32:24.560root 11241100x8000000000000000321049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:24.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f3df955bbfac26b2021-12-17 12:32:24.560root 11241100x8000000000000000321050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:24.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb3343a60f904eb42021-12-17 12:32:24.560root 11241100x8000000000000000321051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:24.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72ecfe26bb848e402021-12-17 12:32:24.560root 11241100x8000000000000000321052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:24.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48a9d6b3d1fbe3352021-12-17 12:32:24.560root 11241100x8000000000000000321053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:24.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd57f40675d705432021-12-17 12:32:24.561root 11241100x8000000000000000321054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:24.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2784f24447e2be382021-12-17 12:32:24.561root 11241100x8000000000000000321055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:24.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37acc77e7fceb7fd2021-12-17 12:32:24.561root 11241100x8000000000000000321056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:24.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f076991f7e90a0922021-12-17 12:32:24.561root 11241100x8000000000000000321057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:24.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cd63fa2f5017fdf2021-12-17 12:32:24.561root 11241100x8000000000000000321058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:24.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a66a8a04198b7a8f2021-12-17 12:32:24.561root 11241100x8000000000000000321059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:24.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e8e4aff8357604d2021-12-17 12:32:24.561root 11241100x8000000000000000321060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:24.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1966ee0118c3bcd12021-12-17 12:32:24.561root 11241100x8000000000000000321061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:24.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23b047ff9aed30032021-12-17 12:32:24.561root 11241100x8000000000000000321062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:24.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf59c4022bb3bb232021-12-17 12:32:24.561root 11241100x8000000000000000321063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:24.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e88c0186a0a8747a2021-12-17 12:32:24.561root 11241100x8000000000000000321064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:24.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8999430f8432e3d52021-12-17 12:32:24.561root 11241100x8000000000000000321065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:24.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed0ebbf3e02da6da2021-12-17 12:32:24.561root 11241100x8000000000000000321066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:24.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbc1d4f8d91493fe2021-12-17 12:32:24.561root 11241100x8000000000000000321067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:24.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e84d6aa59bf447f2021-12-17 12:32:24.562root 11241100x8000000000000000321068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:24.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.647e49a9db073fb72021-12-17 12:32:24.562root 11241100x8000000000000000321069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:24.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e6fb2e4443bca432021-12-17 12:32:24.562root 11241100x8000000000000000321070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:24.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40bf90d7fb3a95d22021-12-17 12:32:24.562root 11241100x8000000000000000321071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:24.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6293daa22a762a92021-12-17 12:32:24.562root 11241100x8000000000000000321072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:24.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf5176abed8b6ff62021-12-17 12:32:24.562root 11241100x8000000000000000321073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:24.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bae0885de9593e462021-12-17 12:32:24.562root 11241100x8000000000000000321074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:24.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a44bf7492af57542021-12-17 12:32:24.562root 11241100x8000000000000000321075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:25.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa5ea173a63192742021-12-17 12:32:25.058root 11241100x8000000000000000321076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:25.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6761345ec2fc82b2021-12-17 12:32:25.058root 11241100x8000000000000000321077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:25.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f005dbf7bf6e14932021-12-17 12:32:25.058root 11241100x8000000000000000321078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:25.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e53a44ddd352b4612021-12-17 12:32:25.058root 11241100x8000000000000000321079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:25.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba2931dc259bc2592021-12-17 12:32:25.058root 11241100x8000000000000000321080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:25.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f49028d59f0a45d62021-12-17 12:32:25.058root 11241100x8000000000000000321081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:25.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b7d9451a32001212021-12-17 12:32:25.058root 11241100x8000000000000000321082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:25.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc49a926eb9d02da2021-12-17 12:32:25.058root 11241100x8000000000000000321083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:25.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d4ac7ac6bbea7bd2021-12-17 12:32:25.058root 11241100x8000000000000000321084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:25.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.114856f5d27ac8532021-12-17 12:32:25.058root 11241100x8000000000000000321085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:25.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c5a2f79d413471b2021-12-17 12:32:25.058root 11241100x8000000000000000321086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:25.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b20c1e902c1e37212021-12-17 12:32:25.058root 11241100x8000000000000000321087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:25.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b43dac6f92ec777d2021-12-17 12:32:25.058root 11241100x8000000000000000321088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:25.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7be95d407830a802021-12-17 12:32:25.059root 11241100x8000000000000000321089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:25.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53bd7643aa4fb8df2021-12-17 12:32:25.059root 11241100x8000000000000000321090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:25.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f5035950cc723002021-12-17 12:32:25.059root 11241100x8000000000000000321091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:25.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c70fa931e49e2902021-12-17 12:32:25.059root 11241100x8000000000000000321092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:25.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62e939ffbce617872021-12-17 12:32:25.059root 11241100x8000000000000000321093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:25.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e8f864375751cd22021-12-17 12:32:25.059root 11241100x8000000000000000321094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:25.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1dbd66d297863ab2021-12-17 12:32:25.059root 11241100x8000000000000000321095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:25.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6681eccccfeadd322021-12-17 12:32:25.059root 11241100x8000000000000000321096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:25.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddd4c6de520eee8a2021-12-17 12:32:25.059root 11241100x8000000000000000321097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:25.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0ff0fc4d4b3bb1f2021-12-17 12:32:25.059root 11241100x8000000000000000321098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:25.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.686aeb80cbe9af7f2021-12-17 12:32:25.059root 11241100x8000000000000000321099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:25.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3d10e89efb730ba2021-12-17 12:32:25.060root 11241100x8000000000000000321100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:25.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ffe387077a71d152021-12-17 12:32:25.060root 11241100x8000000000000000321101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:25.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1098b3c71f73be2e2021-12-17 12:32:25.060root 11241100x8000000000000000321102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:25.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57637c3211810f4e2021-12-17 12:32:25.060root 11241100x8000000000000000321103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:25.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1445b9f9d4329d8a2021-12-17 12:32:25.060root 11241100x8000000000000000321104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:25.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.773b373ed31ef5392021-12-17 12:32:25.060root 11241100x8000000000000000321105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:25.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.354d59ff715477bb2021-12-17 12:32:25.060root 11241100x8000000000000000321106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:25.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5430318b819592702021-12-17 12:32:25.060root 11241100x8000000000000000321107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:25.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f5a6390f27f7a3b2021-12-17 12:32:25.060root 11241100x8000000000000000321108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:25.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fac9e67b26ab645f2021-12-17 12:32:25.060root 11241100x8000000000000000321109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:25.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fb816e9075c6e352021-12-17 12:32:25.060root 11241100x8000000000000000321110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:25.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc54e645a5b466862021-12-17 12:32:25.060root 11241100x8000000000000000321111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:25.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4414acce8b5de2162021-12-17 12:32:25.558root 11241100x8000000000000000321112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:25.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.813265fb506820ef2021-12-17 12:32:25.558root 11241100x8000000000000000321113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:25.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2504e4f75c0602d2021-12-17 12:32:25.558root 11241100x8000000000000000321114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:25.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42950cefcd380b7f2021-12-17 12:32:25.558root 11241100x8000000000000000321115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:25.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.515c96ca9005eb1e2021-12-17 12:32:25.558root 11241100x8000000000000000321116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:25.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.574a6427790fcad12021-12-17 12:32:25.558root 11241100x8000000000000000321117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:25.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96e0479c3031058c2021-12-17 12:32:25.558root 11241100x8000000000000000321118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:25.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b4b480b84d3a03f2021-12-17 12:32:25.558root 11241100x8000000000000000321119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:25.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.910694d919e93c432021-12-17 12:32:25.558root 11241100x8000000000000000321120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:25.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95ec30621b990c242021-12-17 12:32:25.558root 11241100x8000000000000000321121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:25.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b4828d6f28cb5da2021-12-17 12:32:25.558root 11241100x8000000000000000321122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:25.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f25a3aace09631502021-12-17 12:32:25.559root 11241100x8000000000000000321123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:25.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f0c34364c45be822021-12-17 12:32:25.559root 11241100x8000000000000000321124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:25.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2afb4cdcfd6a88d2021-12-17 12:32:25.559root 11241100x8000000000000000321125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:25.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2f26012655cdb362021-12-17 12:32:25.559root 11241100x8000000000000000321126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:25.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f973c8be7efd76582021-12-17 12:32:25.559root 11241100x8000000000000000321127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:25.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9af6118488a35c882021-12-17 12:32:25.559root 11241100x8000000000000000321128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:25.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc389b642771d8db2021-12-17 12:32:25.559root 11241100x8000000000000000321129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:25.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e91cf790d3e79992021-12-17 12:32:25.559root 11241100x8000000000000000321130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:25.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17fe1f99e5d68e422021-12-17 12:32:25.559root 11241100x8000000000000000321131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:25.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1408960fc74bedb52021-12-17 12:32:25.559root 11241100x8000000000000000321132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:25.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.545eb15bd5cf9a492021-12-17 12:32:25.559root 11241100x8000000000000000321133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:25.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d65ce1e05c7739e2021-12-17 12:32:25.559root 11241100x8000000000000000321134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:25.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5d218bae025d03b2021-12-17 12:32:25.559root 11241100x8000000000000000321135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:25.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e1c26fcbd42de922021-12-17 12:32:25.560root 11241100x8000000000000000321136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:25.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cef09a6f6a9c1f1c2021-12-17 12:32:25.560root 11241100x8000000000000000321137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:25.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a799b1b165c9ad1d2021-12-17 12:32:25.560root 11241100x8000000000000000321138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:25.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90f7a81b14a0770b2021-12-17 12:32:25.560root 11241100x8000000000000000321139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:25.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9df6a20b5cfca422021-12-17 12:32:25.560root 11241100x8000000000000000321140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:25.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a8ab6e1f1e668262021-12-17 12:32:25.561root 11241100x8000000000000000321141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:25.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71c6369b2856d3f62021-12-17 12:32:25.561root 11241100x8000000000000000321142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:25.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.395fd98f0a777f3a2021-12-17 12:32:25.561root 11241100x8000000000000000321143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:25.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fbb3181d49a20f62021-12-17 12:32:25.561root 11241100x8000000000000000321144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:25.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e265ed65d03f9d52021-12-17 12:32:25.561root 11241100x8000000000000000321145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:25.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f767e49344486d792021-12-17 12:32:25.561root 11241100x8000000000000000321146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:25.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41f3081a100fce632021-12-17 12:32:25.562root 11241100x8000000000000000321147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:26.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdf6e56496bbc4b62021-12-17 12:32:26.058root 11241100x8000000000000000321148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:26.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.426ca55a7b67eeb12021-12-17 12:32:26.058root 11241100x8000000000000000321149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:26.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7399076010b6a9892021-12-17 12:32:26.058root 11241100x8000000000000000321150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:26.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa93216b19d12d6b2021-12-17 12:32:26.058root 11241100x8000000000000000321151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:26.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79761e20b76d658f2021-12-17 12:32:26.059root 11241100x8000000000000000321152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:26.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54a5335f0ca921232021-12-17 12:32:26.059root 11241100x8000000000000000321153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:26.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ced233e90a58964b2021-12-17 12:32:26.059root 11241100x8000000000000000321154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:26.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b84ea5cc9a58bf92021-12-17 12:32:26.059root 11241100x8000000000000000321155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:26.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7544107c4be609492021-12-17 12:32:26.060root 11241100x8000000000000000321156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:26.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86525d44da8fda0a2021-12-17 12:32:26.060root 11241100x8000000000000000321157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:26.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9ae51ee844ef3592021-12-17 12:32:26.060root 11241100x8000000000000000321158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:26.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f82ea44a3f1a28962021-12-17 12:32:26.060root 11241100x8000000000000000321159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:26.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1af83e0bc5963ed72021-12-17 12:32:26.060root 11241100x8000000000000000321160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:26.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b3cc9fd0065e2572021-12-17 12:32:26.062root 11241100x8000000000000000321161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:26.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5add1c1c53f2299a2021-12-17 12:32:26.062root 11241100x8000000000000000321162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:26.063{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.299c24d11f7da6852021-12-17 12:32:26.063root 11241100x8000000000000000321163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:26.063{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0295b820118a4e8d2021-12-17 12:32:26.063root 11241100x8000000000000000321164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:26.063{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc11bf8d52facd7b2021-12-17 12:32:26.063root 11241100x8000000000000000321165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:26.063{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4389aabb1d49a712021-12-17 12:32:26.063root 11241100x8000000000000000321166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:26.063{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46606f7d2371eb382021-12-17 12:32:26.063root 11241100x8000000000000000321167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:26.063{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06ac982500eff7b42021-12-17 12:32:26.063root 11241100x8000000000000000321168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:26.063{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95a6d6a5aaa0aa522021-12-17 12:32:26.063root 11241100x8000000000000000321169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:26.063{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f43d9bbb33f0443a2021-12-17 12:32:26.063root 11241100x8000000000000000321170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:26.063{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e68eab2ce4452b52021-12-17 12:32:26.063root 11241100x8000000000000000321171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:26.063{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72d86fcccefeea0a2021-12-17 12:32:26.063root 11241100x8000000000000000321172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:26.064{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.110ca8c8001ea3c12021-12-17 12:32:26.064root 11241100x8000000000000000321173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:26.064{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0590dc6767b3b4242021-12-17 12:32:26.064root 11241100x8000000000000000321174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:26.064{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91674acb4c9916402021-12-17 12:32:26.064root 11241100x8000000000000000321175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:26.064{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d5018c30e22b5f62021-12-17 12:32:26.064root 11241100x8000000000000000321176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:26.064{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49883b10e20787cc2021-12-17 12:32:26.064root 11241100x8000000000000000321177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:26.064{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14e0af13c8e924f02021-12-17 12:32:26.064root 11241100x8000000000000000321178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:26.064{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e0e55723b77ab7c2021-12-17 12:32:26.064root 11241100x8000000000000000321179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:26.064{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bbca24979427e792021-12-17 12:32:26.064root 11241100x8000000000000000321180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:26.064{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.366c130f5d2c3c042021-12-17 12:32:26.064root 11241100x8000000000000000321181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:26.064{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b745c47b1bdcfe32021-12-17 12:32:26.064root 11241100x8000000000000000321182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:26.064{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e00339d003f5d4e2021-12-17 12:32:26.064root 11241100x8000000000000000321183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:26.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cb40d3d1070154e2021-12-17 12:32:26.557root 11241100x8000000000000000321184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:26.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44a7b870b2841aa02021-12-17 12:32:26.558root 11241100x8000000000000000321185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:26.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfcc55eb3ee87a6f2021-12-17 12:32:26.558root 11241100x8000000000000000321186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:26.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d4af974215692c72021-12-17 12:32:26.558root 11241100x8000000000000000321187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:26.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e16267e28eeba31c2021-12-17 12:32:26.559root 11241100x8000000000000000321188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:26.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a1e904ffbd2eabd2021-12-17 12:32:26.559root 11241100x8000000000000000321189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:26.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5ca59c621aa9d692021-12-17 12:32:26.559root 11241100x8000000000000000321190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:26.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f36a9820ecdf6d1f2021-12-17 12:32:26.559root 11241100x8000000000000000321191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:26.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5660fa2399f2ed882021-12-17 12:32:26.559root 11241100x8000000000000000321192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:26.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9b80cc6f161c90e2021-12-17 12:32:26.559root 11241100x8000000000000000321193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:26.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f74230b23078d0c2021-12-17 12:32:26.560root 11241100x8000000000000000321194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:26.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70858723a5b003562021-12-17 12:32:26.560root 11241100x8000000000000000321195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:26.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6bdca4d1f8062172021-12-17 12:32:26.560root 11241100x8000000000000000321196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:26.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5b934b0506788f32021-12-17 12:32:26.560root 11241100x8000000000000000321197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:26.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e1ad70970ecf2272021-12-17 12:32:26.560root 11241100x8000000000000000321198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:26.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7db43f20c43a46e12021-12-17 12:32:26.560root 11241100x8000000000000000321199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:26.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b8231e315c6548a2021-12-17 12:32:26.560root 11241100x8000000000000000321200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:26.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1af9967ce38d91782021-12-17 12:32:26.561root 11241100x8000000000000000321201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:26.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18a65c1abaf630912021-12-17 12:32:26.561root 11241100x8000000000000000321202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:26.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91f12793496693522021-12-17 12:32:26.561root 11241100x8000000000000000321203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:26.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75daf4313c82814f2021-12-17 12:32:26.561root 11241100x8000000000000000321204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:26.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06c0faed1d9c4a152021-12-17 12:32:26.561root 11241100x8000000000000000321205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:26.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba5d22d51600fed22021-12-17 12:32:26.561root 11241100x8000000000000000321206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:26.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.871d2082658f8a0a2021-12-17 12:32:26.561root 11241100x8000000000000000321207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:26.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44aa448e490f10cb2021-12-17 12:32:26.562root 11241100x8000000000000000321208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:26.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffdb1bef68ddb05d2021-12-17 12:32:26.562root 11241100x8000000000000000321209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:26.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ad0a7c1278b65fd2021-12-17 12:32:26.562root 11241100x8000000000000000321210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:26.563{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e14cfa33f32a9bb2021-12-17 12:32:26.563root 11241100x8000000000000000321211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:26.563{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f44caf8553c8cac2021-12-17 12:32:26.563root 11241100x8000000000000000321212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:26.563{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a91564e42ecdca9e2021-12-17 12:32:26.563root 11241100x8000000000000000321213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:26.563{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c9f064b09d7a6d42021-12-17 12:32:26.563root 11241100x8000000000000000321214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:26.563{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66756e7fbf39a9162021-12-17 12:32:26.563root 11241100x8000000000000000321215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:26.563{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d9cf147adcf31552021-12-17 12:32:26.563root 11241100x8000000000000000321216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:26.564{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13aa5eaa9e16d6be2021-12-17 12:32:26.564root 11241100x8000000000000000321217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:26.564{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d4e49c96bcdc6072021-12-17 12:32:26.564root 11241100x8000000000000000321218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:26.564{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbf335e4c70f4b072021-12-17 12:32:26.564root 11241100x8000000000000000321219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:27.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40eefcf560b0d5a82021-12-17 12:32:27.058root 11241100x8000000000000000321220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:27.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c47253ac9021a73c2021-12-17 12:32:27.058root 11241100x8000000000000000321221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:27.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e13765d67cbec8332021-12-17 12:32:27.058root 11241100x8000000000000000321222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:27.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.219e2ddcb4a2c5e12021-12-17 12:32:27.058root 11241100x8000000000000000321223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:27.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.561f9b08497060892021-12-17 12:32:27.058root 11241100x8000000000000000321224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:27.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9f843c683076f382021-12-17 12:32:27.058root 11241100x8000000000000000321225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:27.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d786cf4e2d80fe32021-12-17 12:32:27.058root 11241100x8000000000000000321226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:27.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c9ee89abd9fd9732021-12-17 12:32:27.058root 11241100x8000000000000000321227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:27.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adfb0cad92e943302021-12-17 12:32:27.058root 11241100x8000000000000000321228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:27.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e505c802e84a8362021-12-17 12:32:27.058root 11241100x8000000000000000321229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:27.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a97bb6026a70cacb2021-12-17 12:32:27.059root 11241100x8000000000000000321230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:27.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62d047ef762f63352021-12-17 12:32:27.059root 11241100x8000000000000000321231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:27.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16a75d3a815df7792021-12-17 12:32:27.059root 11241100x8000000000000000321232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:27.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.132a7acc89e91fe52021-12-17 12:32:27.059root 11241100x8000000000000000321233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:27.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84ed75385c51a3ea2021-12-17 12:32:27.059root 11241100x8000000000000000321234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:27.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08c347b6b5a89aa22021-12-17 12:32:27.059root 11241100x8000000000000000321235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:27.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fbff759ebbd00ea2021-12-17 12:32:27.059root 11241100x8000000000000000321236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:27.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92012d05cb95bb2c2021-12-17 12:32:27.059root 11241100x8000000000000000321237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:27.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa0cb3e28368d2542021-12-17 12:32:27.059root 11241100x8000000000000000321238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:27.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95081601c75503c52021-12-17 12:32:27.059root 11241100x8000000000000000321239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:27.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf76be96ddd679bf2021-12-17 12:32:27.059root 11241100x8000000000000000321240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:27.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2513ba2d682511d2021-12-17 12:32:27.059root 11241100x8000000000000000321241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:27.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06de7797064429d52021-12-17 12:32:27.059root 11241100x8000000000000000321242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:27.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a430dc3a7403c1732021-12-17 12:32:27.059root 11241100x8000000000000000321243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:27.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a684e5852fb9f9c42021-12-17 12:32:27.059root 11241100x8000000000000000321244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:27.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9714fdb055a1524d2021-12-17 12:32:27.060root 11241100x8000000000000000321245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:27.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef401612cc2e4fa02021-12-17 12:32:27.060root 11241100x8000000000000000321246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:27.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a8da7ced10a71162021-12-17 12:32:27.060root 11241100x8000000000000000321247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:27.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac5771cc0f1811642021-12-17 12:32:27.060root 11241100x8000000000000000321248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:27.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c3e63ae30cc089a2021-12-17 12:32:27.060root 11241100x8000000000000000321249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:27.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7e5629e196ddc582021-12-17 12:32:27.060root 11241100x8000000000000000321250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:27.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3827260571c4ab1f2021-12-17 12:32:27.060root 11241100x8000000000000000321251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:27.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a510572940b57d0a2021-12-17 12:32:27.060root 11241100x8000000000000000321252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:27.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfc124a680583aa42021-12-17 12:32:27.060root 11241100x8000000000000000321253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:27.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c68f1df2e2ee48302021-12-17 12:32:27.060root 11241100x8000000000000000321254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:27.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12234583317cc5282021-12-17 12:32:27.060root 11241100x8000000000000000321255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:27.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc8cac2c996260392021-12-17 12:32:27.558root 11241100x8000000000000000321256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:27.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5b851deed451db52021-12-17 12:32:27.558root 11241100x8000000000000000321257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:27.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6cb8efa8772db382021-12-17 12:32:27.558root 11241100x8000000000000000321258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:27.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de1eabac88f0e0122021-12-17 12:32:27.558root 11241100x8000000000000000321259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:27.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e12cd697314324c42021-12-17 12:32:27.558root 11241100x8000000000000000321260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:27.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46cf341a20fabf6a2021-12-17 12:32:27.558root 11241100x8000000000000000321261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:27.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cc81af3d6e6d17e2021-12-17 12:32:27.558root 11241100x8000000000000000321262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:27.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65c545b0a6f4d7722021-12-17 12:32:27.558root 11241100x8000000000000000321263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:27.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1e0088387cf464b2021-12-17 12:32:27.558root 11241100x8000000000000000321264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:27.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88f33de6a3781b752021-12-17 12:32:27.558root 11241100x8000000000000000321265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:27.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88a85f9de82b6f8c2021-12-17 12:32:27.558root 11241100x8000000000000000321266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:27.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.063f3b71b4489d202021-12-17 12:32:27.558root 11241100x8000000000000000321267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:27.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.987e8bb1439472922021-12-17 12:32:27.558root 11241100x8000000000000000321268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:27.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15a5abcee4aee5702021-12-17 12:32:27.559root 11241100x8000000000000000321269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:27.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8839a86753e31a6a2021-12-17 12:32:27.559root 11241100x8000000000000000321270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:27.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97d32ab1a405a9e02021-12-17 12:32:27.559root 11241100x8000000000000000321271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:27.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fddfb6ba46961602021-12-17 12:32:27.559root 11241100x8000000000000000321272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:27.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d70f552791f09c242021-12-17 12:32:27.559root 11241100x8000000000000000321273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:27.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7e23be2e6b282c12021-12-17 12:32:27.559root 11241100x8000000000000000321274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:27.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.927540b511f59a862021-12-17 12:32:27.559root 11241100x8000000000000000321275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:27.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d65b17ee87c1c87e2021-12-17 12:32:27.559root 11241100x8000000000000000321276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:27.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c603f22afb9692522021-12-17 12:32:27.559root 11241100x8000000000000000321277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:27.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c5e8fbe1fc1387e2021-12-17 12:32:27.559root 11241100x8000000000000000321278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:27.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dff67487ab7372fa2021-12-17 12:32:27.559root 11241100x8000000000000000321279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:27.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe68a953b570067d2021-12-17 12:32:27.559root 11241100x8000000000000000321280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:27.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28b7da33f81144182021-12-17 12:32:27.559root 11241100x8000000000000000321281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:27.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4e9499ca3c7abe62021-12-17 12:32:27.559root 11241100x8000000000000000321282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:27.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.848473b0d9fe22782021-12-17 12:32:27.560root 11241100x8000000000000000321283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:27.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8641982ac5ef957f2021-12-17 12:32:27.560root 11241100x8000000000000000321284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:27.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.980e20741b37e87f2021-12-17 12:32:27.560root 11241100x8000000000000000321285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:27.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2c7b92cce8cc3a52021-12-17 12:32:27.560root 11241100x8000000000000000321286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:27.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8fcc7b4244cd4b12021-12-17 12:32:27.560root 11241100x8000000000000000321287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:27.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a6845ec91c17f442021-12-17 12:32:27.560root 11241100x8000000000000000321288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:27.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a82663b9b013e4dc2021-12-17 12:32:27.560root 11241100x8000000000000000321289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:27.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0b64ae754ca779e2021-12-17 12:32:27.560root 11241100x8000000000000000321290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:27.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bd47ac0cd261adb2021-12-17 12:32:27.560root 11241100x8000000000000000321291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:28.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dbc8a65f54365a22021-12-17 12:32:28.058root 11241100x8000000000000000321292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:28.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0600bc96951416202021-12-17 12:32:28.058root 11241100x8000000000000000321293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:28.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9922a2e3a1e5ae6b2021-12-17 12:32:28.058root 11241100x8000000000000000321294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:28.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb9b90b9d477735e2021-12-17 12:32:28.058root 11241100x8000000000000000321295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:28.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad6e87f50b49f2d02021-12-17 12:32:28.058root 11241100x8000000000000000321296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:28.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa1e9455557dffd42021-12-17 12:32:28.059root 11241100x8000000000000000321297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:28.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c157d0d4c7cac8192021-12-17 12:32:28.059root 11241100x8000000000000000321298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:28.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12392cc2b0217b492021-12-17 12:32:28.059root 11241100x8000000000000000321299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:28.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d688679925bf69c2021-12-17 12:32:28.059root 11241100x8000000000000000321300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:28.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa720e9b1e757a0d2021-12-17 12:32:28.059root 11241100x8000000000000000321301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:28.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d3670f5f067ffd12021-12-17 12:32:28.059root 11241100x8000000000000000321302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:28.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fed650ac02ac531c2021-12-17 12:32:28.059root 11241100x8000000000000000321303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:28.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b0b0aa385a456112021-12-17 12:32:28.059root 11241100x8000000000000000321304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:28.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1606a02e8bacb592021-12-17 12:32:28.059root 11241100x8000000000000000321305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:28.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.463616c5d33cce652021-12-17 12:32:28.059root 11241100x8000000000000000321306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:28.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a756c82fb72d1a552021-12-17 12:32:28.059root 11241100x8000000000000000321307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:28.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9d19b46452ac9c62021-12-17 12:32:28.059root 11241100x8000000000000000321308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:28.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49f035058ec49f612021-12-17 12:32:28.059root 11241100x8000000000000000321309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:28.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.147309f99fde1cbf2021-12-17 12:32:28.060root 11241100x8000000000000000321310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:28.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdf33d3ccb5b3e342021-12-17 12:32:28.060root 11241100x8000000000000000321311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:28.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.074f16c16457a2bc2021-12-17 12:32:28.060root 11241100x8000000000000000321312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:28.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81fcbedad036b83c2021-12-17 12:32:28.060root 11241100x8000000000000000321313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:28.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a46a2983c37d2d892021-12-17 12:32:28.060root 11241100x8000000000000000321314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:28.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51c7e8e676ea33602021-12-17 12:32:28.061root 11241100x8000000000000000321315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:28.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abadcdfb64d623d02021-12-17 12:32:28.061root 11241100x8000000000000000321316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:28.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e34b5b9bd8abbde22021-12-17 12:32:28.061root 11241100x8000000000000000321317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:28.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8afa891b2ddfa652021-12-17 12:32:28.061root 11241100x8000000000000000321318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:28.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.303edae2b84a35482021-12-17 12:32:28.061root 11241100x8000000000000000321319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:28.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3375d41b92bb3a242021-12-17 12:32:28.062root 11241100x8000000000000000321320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:28.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b0ef740b079c2462021-12-17 12:32:28.062root 11241100x8000000000000000321321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:28.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.605aafdd2d059d252021-12-17 12:32:28.062root 11241100x8000000000000000321322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:28.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9c038747e9022d32021-12-17 12:32:28.062root 11241100x8000000000000000321323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:28.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a58c35b377663602021-12-17 12:32:28.062root 11241100x8000000000000000321324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:28.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.780f651b31114c952021-12-17 12:32:28.062root 11241100x8000000000000000321325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:28.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8cafb8b820006692021-12-17 12:32:28.062root 11241100x8000000000000000321326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:28.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5a078d626e3b8a82021-12-17 12:32:28.062root 11241100x8000000000000000321327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:28.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.375405dc7d35d2832021-12-17 12:32:28.558root 11241100x8000000000000000321328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:28.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5146ab2cb1a7587a2021-12-17 12:32:28.558root 11241100x8000000000000000321329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:28.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1afcc8865ee9bdb22021-12-17 12:32:28.558root 11241100x8000000000000000321330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:28.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71a0a195142e60a02021-12-17 12:32:28.558root 11241100x8000000000000000321331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:28.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb641d626b32e2762021-12-17 12:32:28.558root 11241100x8000000000000000321332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:28.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0de7543c9a602b122021-12-17 12:32:28.558root 11241100x8000000000000000321333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:28.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8f68df0801c91112021-12-17 12:32:28.558root 11241100x8000000000000000321334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:28.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f891b4d725d533552021-12-17 12:32:28.558root 11241100x8000000000000000321335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:28.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2066d4b9681f639b2021-12-17 12:32:28.558root 11241100x8000000000000000321336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:28.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.508e07715376e7cc2021-12-17 12:32:28.558root 11241100x8000000000000000321337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:28.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d19609d44830df22021-12-17 12:32:28.558root 11241100x8000000000000000321338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:28.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03f850cfe48f965c2021-12-17 12:32:28.559root 11241100x8000000000000000321339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:28.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d09434f8cf7722b2021-12-17 12:32:28.559root 11241100x8000000000000000321340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:28.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40859964ef755db92021-12-17 12:32:28.559root 11241100x8000000000000000321341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:28.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f976bd40067ee962021-12-17 12:32:28.559root 11241100x8000000000000000321342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:28.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.172c5be8d7f2a9862021-12-17 12:32:28.559root 11241100x8000000000000000321343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:28.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe49da7688f478f62021-12-17 12:32:28.559root 11241100x8000000000000000321344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:28.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e86181c4001bae892021-12-17 12:32:28.559root 11241100x8000000000000000321345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:28.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab6fa06b574aa8a12021-12-17 12:32:28.559root 11241100x8000000000000000321346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:28.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc40d0833879ab7a2021-12-17 12:32:28.559root 11241100x8000000000000000321347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:28.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6669c716ccfad032021-12-17 12:32:28.559root 11241100x8000000000000000321348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:28.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.451af02bb26810292021-12-17 12:32:28.559root 11241100x8000000000000000321349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:28.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.434daa81853350cd2021-12-17 12:32:28.559root 11241100x8000000000000000321350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:28.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9748809ca6d061042021-12-17 12:32:28.559root 11241100x8000000000000000321351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:28.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cb10133f01d8a0a2021-12-17 12:32:28.560root 11241100x8000000000000000321352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:28.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea690bcb77e5eff22021-12-17 12:32:28.560root 11241100x8000000000000000321353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:28.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.221a5551a882fa8b2021-12-17 12:32:28.560root 11241100x8000000000000000321354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:28.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.921736c10f37bb692021-12-17 12:32:28.560root 11241100x8000000000000000321355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:28.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a7efd85ed204a0f2021-12-17 12:32:28.560root 11241100x8000000000000000321356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:28.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce43507c3e77161f2021-12-17 12:32:28.560root 11241100x8000000000000000321357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:28.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e157771d2ccc5f42021-12-17 12:32:28.560root 11241100x8000000000000000321358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:28.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df055e3023fc8fa62021-12-17 12:32:28.560root 11241100x8000000000000000321359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:28.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7562d85949e4c372021-12-17 12:32:28.560root 11241100x8000000000000000321360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:28.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56dbfca42ed419fa2021-12-17 12:32:28.560root 11241100x8000000000000000321361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:28.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.629dd7d977c0e21c2021-12-17 12:32:28.560root 11241100x8000000000000000321362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:28.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92b5775a96cc57332021-12-17 12:32:28.560root 11241100x8000000000000000321363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:29.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30870e707181ae202021-12-17 12:32:29.058root 11241100x8000000000000000321364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:29.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aabb6c0ff385e952021-12-17 12:32:29.058root 11241100x8000000000000000321365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:29.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9c91355e6eebe902021-12-17 12:32:29.058root 11241100x8000000000000000321366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:29.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ec90cb571a7171d2021-12-17 12:32:29.058root 11241100x8000000000000000321367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:29.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8036d1194818bda2021-12-17 12:32:29.058root 11241100x8000000000000000321368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:29.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a775d862da4ad9ed2021-12-17 12:32:29.058root 11241100x8000000000000000321369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:29.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6547614a86b76c3b2021-12-17 12:32:29.058root 11241100x8000000000000000321370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:29.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e67ddef88a51eb912021-12-17 12:32:29.058root 11241100x8000000000000000321371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:29.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9814de00b1133b12021-12-17 12:32:29.058root 11241100x8000000000000000321372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:29.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ec5e5241c57b59c2021-12-17 12:32:29.058root 11241100x8000000000000000321373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:29.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aceac0869fe1d822021-12-17 12:32:29.058root 11241100x8000000000000000321374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:29.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67fbb4f5a1f9e9042021-12-17 12:32:29.058root 11241100x8000000000000000321375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:29.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a67b012a4a84a4cc2021-12-17 12:32:29.058root 11241100x8000000000000000321376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:29.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31bbf2e005b8a86f2021-12-17 12:32:29.059root 11241100x8000000000000000321377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:29.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6edfbbb31ad22ec2021-12-17 12:32:29.059root 11241100x8000000000000000321378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:29.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5692196783edd8e12021-12-17 12:32:29.059root 11241100x8000000000000000321379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:29.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2225600ffa3ff2a92021-12-17 12:32:29.059root 11241100x8000000000000000321380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:29.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31b5e84a40d98e702021-12-17 12:32:29.059root 11241100x8000000000000000321381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:29.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fd8094f88d0f3082021-12-17 12:32:29.059root 11241100x8000000000000000321382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:29.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebd13af7fc704f852021-12-17 12:32:29.059root 11241100x8000000000000000321383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:29.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b8cc38f20de316c2021-12-17 12:32:29.059root 11241100x8000000000000000321384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:29.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6573b1fe93c05f382021-12-17 12:32:29.059root 11241100x8000000000000000321385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:29.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.290405f1fa54b4d62021-12-17 12:32:29.059root 11241100x8000000000000000321386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:29.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aae986a5827c587b2021-12-17 12:32:29.059root 11241100x8000000000000000321387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:29.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fbd7f7cc423eade2021-12-17 12:32:29.059root 11241100x8000000000000000321388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:29.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89f95d4af7a98adc2021-12-17 12:32:29.060root 11241100x8000000000000000321389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:29.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41f44ae4904ec1062021-12-17 12:32:29.060root 11241100x8000000000000000321390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:29.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.971e4d39b0d826072021-12-17 12:32:29.060root 11241100x8000000000000000321391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:29.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee3908796d75e95c2021-12-17 12:32:29.060root 11241100x8000000000000000321392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:29.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48598e5433cbc2f32021-12-17 12:32:29.060root 11241100x8000000000000000321393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:29.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a90d9661b9fda102021-12-17 12:32:29.060root 11241100x8000000000000000321394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:29.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4726cebffb0286422021-12-17 12:32:29.060root 11241100x8000000000000000321395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:29.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78268233358fcc512021-12-17 12:32:29.060root 11241100x8000000000000000321396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:29.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a60d0c2ac0cc89d12021-12-17 12:32:29.060root 11241100x8000000000000000321397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:29.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a690700222881132021-12-17 12:32:29.060root 11241100x8000000000000000321398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:29.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9fa219f7856e6d62021-12-17 12:32:29.060root 354300x8000000000000000321399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:29.225{ec28ba6a-70a3-61bc-5175-3a0400000000}5248/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-44532-false10.0.1.12-8000- 11241100x8000000000000000321400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:29.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83abb26771732cb52021-12-17 12:32:29.558root 11241100x8000000000000000321401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:29.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4edae0d3927349102021-12-17 12:32:29.558root 11241100x8000000000000000321402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:29.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5363b1a0220c8662021-12-17 12:32:29.558root 11241100x8000000000000000321403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:29.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0ba20042707285e2021-12-17 12:32:29.558root 11241100x8000000000000000321404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:29.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11a625fdc36fb9df2021-12-17 12:32:29.558root 11241100x8000000000000000321405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:29.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47ec797cfab9b2472021-12-17 12:32:29.558root 11241100x8000000000000000321406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:29.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56eae4d41bb1132a2021-12-17 12:32:29.558root 11241100x8000000000000000321407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:29.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10e41b16b9ca71e92021-12-17 12:32:29.558root 11241100x8000000000000000321408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:29.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f66f82e7ef75b0c2021-12-17 12:32:29.558root 11241100x8000000000000000321409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:29.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b7e9f92b5bd654b2021-12-17 12:32:29.558root 11241100x8000000000000000321410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:29.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e1b4a2aef2301752021-12-17 12:32:29.558root 11241100x8000000000000000321411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:29.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f40715904aee3742021-12-17 12:32:29.558root 11241100x8000000000000000321412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:29.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b83ba69f391a0ad2021-12-17 12:32:29.558root 11241100x8000000000000000321413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:29.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55c2c2534082902d2021-12-17 12:32:29.559root 11241100x8000000000000000321414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:29.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca35fc42a8cef4172021-12-17 12:32:29.559root 11241100x8000000000000000321415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:29.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.573741cdf4d444cf2021-12-17 12:32:29.559root 11241100x8000000000000000321416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:29.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.090b27a8cc59c3e32021-12-17 12:32:29.559root 11241100x8000000000000000321417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:29.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4684e5782232fcea2021-12-17 12:32:29.559root 11241100x8000000000000000321418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:29.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02aa5ca8c504d5ae2021-12-17 12:32:29.559root 11241100x8000000000000000321419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:29.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3bfbc92ba09829c2021-12-17 12:32:29.559root 11241100x8000000000000000321420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:29.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2992be68cfdae96f2021-12-17 12:32:29.559root 11241100x8000000000000000321421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:29.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c28127e73ff5c8fd2021-12-17 12:32:29.559root 11241100x8000000000000000321422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:29.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50c96e09840f0d902021-12-17 12:32:29.559root 11241100x8000000000000000321423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:29.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.983c71ca5e9c2bad2021-12-17 12:32:29.559root 11241100x8000000000000000321424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:29.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2c7119fda1da6002021-12-17 12:32:29.559root 11241100x8000000000000000321425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:29.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e31fc683e3a50042021-12-17 12:32:29.559root 11241100x8000000000000000321426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:29.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.475721bcfbe8ead52021-12-17 12:32:29.559root 11241100x8000000000000000321427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:29.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c09f9fff4c69cbd22021-12-17 12:32:29.559root 11241100x8000000000000000321428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:29.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46f3c2e995fc93c12021-12-17 12:32:29.560root 11241100x8000000000000000321429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:29.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00ad57bd725d3dad2021-12-17 12:32:29.560root 11241100x8000000000000000321430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:29.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8315aa4f18d20242021-12-17 12:32:29.560root 11241100x8000000000000000321431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:29.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e368e2dee73a8b5e2021-12-17 12:32:29.560root 11241100x8000000000000000321432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:29.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3867a8baaa9f8a802021-12-17 12:32:29.560root 11241100x8000000000000000321433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:29.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9937deb7084fc2692021-12-17 12:32:29.560root 11241100x8000000000000000321434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:29.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03186bb48b515d132021-12-17 12:32:29.560root 11241100x8000000000000000321435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:29.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d7f12cc81ba05bc2021-12-17 12:32:29.560root 11241100x8000000000000000321436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:29.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8ed2410b1e024002021-12-17 12:32:29.560root 11241100x8000000000000000321437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:30.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d0d57429e83ce8d2021-12-17 12:32:30.058root 11241100x8000000000000000321438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:30.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b5313658d418c102021-12-17 12:32:30.058root 11241100x8000000000000000321439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:30.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92ed8a45370cd5332021-12-17 12:32:30.058root 11241100x8000000000000000321440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:30.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15fdb382229d86612021-12-17 12:32:30.058root 11241100x8000000000000000321441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:30.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.808a4ab3568391ff2021-12-17 12:32:30.058root 11241100x8000000000000000321442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:30.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.675238a8be623ea62021-12-17 12:32:30.058root 11241100x8000000000000000321443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:30.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32948e11641aaa912021-12-17 12:32:30.058root 11241100x8000000000000000321444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:30.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1528a4ace92f0212021-12-17 12:32:30.058root 11241100x8000000000000000321445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:30.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa706f9b83d2b1dc2021-12-17 12:32:30.058root 11241100x8000000000000000321446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:30.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8094a7c6ec398c042021-12-17 12:32:30.058root 11241100x8000000000000000321447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:30.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.675a85099dc4e5b42021-12-17 12:32:30.058root 11241100x8000000000000000321448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:30.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d844945b3a489c2f2021-12-17 12:32:30.058root 11241100x8000000000000000321449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:30.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56cbf80b5169af792021-12-17 12:32:30.058root 11241100x8000000000000000321450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:30.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb41f009894260ca2021-12-17 12:32:30.059root 11241100x8000000000000000321451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:30.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3108937fabfeccce2021-12-17 12:32:30.059root 11241100x8000000000000000321452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:30.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccee5de05a9d5dce2021-12-17 12:32:30.059root 11241100x8000000000000000321453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:30.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54357d0157ef1fe52021-12-17 12:32:30.059root 11241100x8000000000000000321454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:30.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.917dfe7430fa463d2021-12-17 12:32:30.059root 11241100x8000000000000000321455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:30.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dff6b5add3058b132021-12-17 12:32:30.059root 11241100x8000000000000000321456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:30.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.212687f4b900419d2021-12-17 12:32:30.059root 11241100x8000000000000000321457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:30.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eca4f3101b5d57522021-12-17 12:32:30.059root 11241100x8000000000000000321458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:30.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2df1dc35052e2552021-12-17 12:32:30.059root 11241100x8000000000000000321459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:30.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3446ab2b1dfa59692021-12-17 12:32:30.059root 11241100x8000000000000000321460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:30.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb1cbaa2d66513202021-12-17 12:32:30.059root 11241100x8000000000000000321461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:30.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be77ffcce3ad1a712021-12-17 12:32:30.059root 11241100x8000000000000000321462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:30.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b73b21b6706e5172021-12-17 12:32:30.059root 11241100x8000000000000000321463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:30.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a7688de50c7b7822021-12-17 12:32:30.059root 11241100x8000000000000000321464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:30.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daa9ff1018b7d55b2021-12-17 12:32:30.059root 11241100x8000000000000000321465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:30.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.874447fe2e51e70c2021-12-17 12:32:30.060root 11241100x8000000000000000321466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:30.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c2da9b50839cb272021-12-17 12:32:30.060root 11241100x8000000000000000321467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:30.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45bb472b034712822021-12-17 12:32:30.060root 11241100x8000000000000000321468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:30.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2cad6d386b774732021-12-17 12:32:30.060root 11241100x8000000000000000321469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:30.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ee797b8a2a345c22021-12-17 12:32:30.060root 11241100x8000000000000000321470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:30.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.965423725333ecec2021-12-17 12:32:30.060root 11241100x8000000000000000321471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:30.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9b868e84e08f0f72021-12-17 12:32:30.060root 11241100x8000000000000000321472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:30.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e0ef3789c7a233e2021-12-17 12:32:30.060root 11241100x8000000000000000321473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:30.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6a9a4f8b4a2d2052021-12-17 12:32:30.060root 11241100x8000000000000000321474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:30.168{ec28ba6a-709b-61bc-30d8-78dfe0550000}5175/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-17 12:32:30.168root 11241100x8000000000000000321475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:30.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13af6cbe2244472f2021-12-17 12:32:30.558root 11241100x8000000000000000321476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:30.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5235cc13da5a6c362021-12-17 12:32:30.558root 11241100x8000000000000000321477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:30.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c684ad284cc68fb52021-12-17 12:32:30.558root 11241100x8000000000000000321478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:30.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4464521a2ce946b62021-12-17 12:32:30.558root 11241100x8000000000000000321479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:30.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0545b5363a03ddbd2021-12-17 12:32:30.559root 11241100x8000000000000000321480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:30.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdddcb84029248c72021-12-17 12:32:30.559root 11241100x8000000000000000321481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:30.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf841baf75a2457c2021-12-17 12:32:30.559root 11241100x8000000000000000321482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:30.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3827749aa4ca1af2021-12-17 12:32:30.559root 11241100x8000000000000000321483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:30.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39da47383aacc0ec2021-12-17 12:32:30.559root 11241100x8000000000000000321484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:30.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49a92d957027cee72021-12-17 12:32:30.559root 11241100x8000000000000000321485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:30.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1914605a78ba216b2021-12-17 12:32:30.559root 11241100x8000000000000000321486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:30.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10d0893e1e9883c92021-12-17 12:32:30.559root 11241100x8000000000000000321487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:30.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36c47f7494f7d5782021-12-17 12:32:30.559root 11241100x8000000000000000321488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:30.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f70403ffc500f7e62021-12-17 12:32:30.559root 11241100x8000000000000000321489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:30.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aa0c55577756eae2021-12-17 12:32:30.559root 11241100x8000000000000000321490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:30.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc3fd8eb4c512fda2021-12-17 12:32:30.559root 11241100x8000000000000000321491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:30.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cade2b026cb192932021-12-17 12:32:30.559root 11241100x8000000000000000321492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:30.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfdb4f4a8c8da5ca2021-12-17 12:32:30.559root 11241100x8000000000000000321493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:30.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18be5b45811feaa82021-12-17 12:32:30.559root 11241100x8000000000000000321494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:30.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de78d8b48ada4c8e2021-12-17 12:32:30.559root 11241100x8000000000000000321495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:30.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.086c38b0b176bc5b2021-12-17 12:32:30.559root 11241100x8000000000000000321496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:30.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.563102c0f6b3a6022021-12-17 12:32:30.560root 11241100x8000000000000000321497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:30.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a8e47c25d2a25af2021-12-17 12:32:30.560root 11241100x8000000000000000321498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:30.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf510d44ee1f4f702021-12-17 12:32:30.560root 11241100x8000000000000000321499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:30.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d272161bf52719e22021-12-17 12:32:30.560root 11241100x8000000000000000321500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:30.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28d47fe3fa65b80d2021-12-17 12:32:30.560root 11241100x8000000000000000321501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:30.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4842443ed2f893852021-12-17 12:32:30.560root 11241100x8000000000000000321502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:30.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.627040ed4dd8a7352021-12-17 12:32:30.560root 11241100x8000000000000000321503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:30.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab9a306a99d8add72021-12-17 12:32:30.560root 11241100x8000000000000000321504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:30.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d826afc8ce3c90ad2021-12-17 12:32:30.560root 11241100x8000000000000000321505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:30.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f26a9b5d99d07312021-12-17 12:32:30.560root 11241100x8000000000000000321506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:30.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14e5d3aa6e00fc082021-12-17 12:32:30.560root 11241100x8000000000000000321507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:30.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89f3b8b4119d9c532021-12-17 12:32:30.560root 11241100x8000000000000000321508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:30.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8643bcb51bce2c72021-12-17 12:32:30.560root 11241100x8000000000000000321509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:30.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58dc58800659488b2021-12-17 12:32:30.560root 11241100x8000000000000000321510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:30.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bac7ebc6d653bf322021-12-17 12:32:30.560root 11241100x8000000000000000321511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:30.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d65339b2082bc04c2021-12-17 12:32:30.560root 11241100x8000000000000000321512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:30.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ea6c3b88d87e2a12021-12-17 12:32:30.561root 11241100x8000000000000000321513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:30.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18f2bfc5b04d243c2021-12-17 12:32:30.561root 11241100x8000000000000000321514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:30.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73a355fe04542bd52021-12-17 12:32:30.561root 11241100x8000000000000000321515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:30.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79573744cd4f52fd2021-12-17 12:32:30.561root 354300x8000000000000000321516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:30.730{ec28ba6a-709b-61bc-30d8-78dfe0550000}5175/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-41680-false10.0.1.12-8089- 11241100x8000000000000000321517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6effb9c5b16bc4fc2021-12-17 12:32:31.058root 11241100x8000000000000000321518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bae79c4e8b7468cd2021-12-17 12:32:31.058root 11241100x8000000000000000321519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f911a8496cca682d2021-12-17 12:32:31.058root 11241100x8000000000000000321520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c286eb918bf709f2021-12-17 12:32:31.058root 11241100x8000000000000000321521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.012477b9b99c29682021-12-17 12:32:31.058root 11241100x8000000000000000321522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e9a04565d845aec2021-12-17 12:32:31.059root 11241100x8000000000000000321523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a88d802b61a110fd2021-12-17 12:32:31.059root 11241100x8000000000000000321524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.990ee9142f03bdc52021-12-17 12:32:31.059root 11241100x8000000000000000321525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff8751e67716e2d82021-12-17 12:32:31.059root 11241100x8000000000000000321526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18e0d0394a886fb12021-12-17 12:32:31.059root 11241100x8000000000000000321527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.788a1ab57ed678ff2021-12-17 12:32:31.059root 11241100x8000000000000000321528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cdfb179df1025612021-12-17 12:32:31.059root 11241100x8000000000000000321529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5867c6634cdf75302021-12-17 12:32:31.059root 11241100x8000000000000000321530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58bc448cc2d27a6c2021-12-17 12:32:31.059root 11241100x8000000000000000321531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d1a7ff73f3db8742021-12-17 12:32:31.059root 11241100x8000000000000000321532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dfd356930bfb1282021-12-17 12:32:31.059root 11241100x8000000000000000321533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e0589e052f72ce22021-12-17 12:32:31.059root 11241100x8000000000000000321534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d004c2602fa039292021-12-17 12:32:31.059root 11241100x8000000000000000321535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bea4d6841c11de8d2021-12-17 12:32:31.059root 11241100x8000000000000000321536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06434e4d1cd121182021-12-17 12:32:31.059root 11241100x8000000000000000321537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f5d09fbe59ff3752021-12-17 12:32:31.060root 11241100x8000000000000000321538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.285f2a511c7aba2f2021-12-17 12:32:31.060root 11241100x8000000000000000321539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96ace1e94cb8eb942021-12-17 12:32:31.060root 11241100x8000000000000000321540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7560a6306eb607952021-12-17 12:32:31.060root 11241100x8000000000000000321541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65672fc13efc8baf2021-12-17 12:32:31.060root 11241100x8000000000000000321542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4701f2721a91e2612021-12-17 12:32:31.060root 11241100x8000000000000000321543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.285f47c8292420712021-12-17 12:32:31.060root 11241100x8000000000000000321544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bb46924bd462f032021-12-17 12:32:31.060root 11241100x8000000000000000321545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d432faf45fc442092021-12-17 12:32:31.060root 11241100x8000000000000000321546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.731d83983110569a2021-12-17 12:32:31.060root 11241100x8000000000000000321547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fd494791e3677752021-12-17 12:32:31.060root 11241100x8000000000000000321548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b6c05f21c4a5fc22021-12-17 12:32:31.060root 11241100x8000000000000000321549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.796b7e16afd035052021-12-17 12:32:31.060root 11241100x8000000000000000321550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20d3191aa82e3a942021-12-17 12:32:31.060root 11241100x8000000000000000321551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66281eb597412d712021-12-17 12:32:31.060root 11241100x8000000000000000321552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b417ca4bb907a6f42021-12-17 12:32:31.060root 11241100x8000000000000000321553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbea59953b0439c02021-12-17 12:32:31.060root 11241100x8000000000000000321554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.097b7689d4a6020e2021-12-17 12:32:31.061root 11241100x8000000000000000321555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea62cc31153070f32021-12-17 12:32:31.061root 11241100x8000000000000000321556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b35cf77cb72c1dfa2021-12-17 12:32:31.062root 11241100x8000000000000000321557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30783c35cc9570da2021-12-17 12:32:31.062root 11241100x8000000000000000321558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a2c80c6e3c80b452021-12-17 12:32:31.062root 11241100x8000000000000000321559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9de55bffaf032c52021-12-17 12:32:31.062root 11241100x8000000000000000321560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.774b6286f12475932021-12-17 12:32:31.062root 11241100x8000000000000000321561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29d51d588b9664d62021-12-17 12:32:31.062root 11241100x8000000000000000321562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e961ab7148d094752021-12-17 12:32:31.062root 11241100x8000000000000000321563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.063{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b6c32c1b363fa952021-12-17 12:32:31.063root 11241100x8000000000000000321564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.063{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.995f49e4f6cd0ee32021-12-17 12:32:31.063root 11241100x8000000000000000321565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.063{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5757b609adbf814d2021-12-17 12:32:31.063root 11241100x8000000000000000321566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.063{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d5232cd35cb5ab62021-12-17 12:32:31.063root 11241100x8000000000000000321567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.063{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9162ca3f54c8f8442021-12-17 12:32:31.063root 11241100x8000000000000000321568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.063{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fab5ada524065232021-12-17 12:32:31.063root 11241100x8000000000000000321569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.063{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d7a501c1e005e9a2021-12-17 12:32:31.063root 11241100x8000000000000000321570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.063{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d28e5dcd95a81ec2021-12-17 12:32:31.063root 11241100x8000000000000000321571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.063{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de1fb08b764718e52021-12-17 12:32:31.063root 11241100x8000000000000000321572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.063{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3b011cf461ff1d72021-12-17 12:32:31.063root 11241100x8000000000000000321573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.063{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f76bf025a9a0037f2021-12-17 12:32:31.063root 11241100x8000000000000000321574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.063{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bab1cf06ab9bbc62021-12-17 12:32:31.063root 11241100x8000000000000000321575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.063{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce51fde4dd18ef412021-12-17 12:32:31.063root 11241100x8000000000000000321576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.063{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aa134923fc7623f2021-12-17 12:32:31.063root 11241100x8000000000000000321577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.063{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aaf4d4bb9845fdf2021-12-17 12:32:31.063root 11241100x8000000000000000321578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.063{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e77c9208c813d422021-12-17 12:32:31.063root 11241100x8000000000000000321579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.063{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e526deb711e03a8e2021-12-17 12:32:31.063root 11241100x8000000000000000321580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.064{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc902f13e44337fa2021-12-17 12:32:31.064root 11241100x8000000000000000321581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.064{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50c3c103b779afcd2021-12-17 12:32:31.064root 11241100x8000000000000000321582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.064{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17ddaddd4b2dd2d42021-12-17 12:32:31.064root 11241100x8000000000000000321583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.064{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41db5b0883d115cd2021-12-17 12:32:31.064root 11241100x8000000000000000321584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.064{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d2644c3c27b8e272021-12-17 12:32:31.064root 11241100x8000000000000000321585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.064{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77c6c30ee19b9e6c2021-12-17 12:32:31.064root 11241100x8000000000000000321586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.064{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.521bc6f1d2a5ed8c2021-12-17 12:32:31.064root 11241100x8000000000000000321587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.064{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b693c949b3d007a2021-12-17 12:32:31.064root 11241100x8000000000000000321588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.064{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07e91cb7a6b07a402021-12-17 12:32:31.064root 11241100x8000000000000000321589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.064{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98d72014d2818eca2021-12-17 12:32:31.064root 11241100x8000000000000000321590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.064{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db6d8a861e0650e32021-12-17 12:32:31.064root 11241100x8000000000000000321591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.064{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a71a391b3763a3c2021-12-17 12:32:31.064root 11241100x8000000000000000321592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.064{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e7df33638fb96252021-12-17 12:32:31.064root 11241100x8000000000000000321593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.065{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df7e043f5abb538c2021-12-17 12:32:31.065root 11241100x8000000000000000321594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.065{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44c57f7d62eeb8032021-12-17 12:32:31.065root 11241100x8000000000000000321595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.065{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1d091d64456f66f2021-12-17 12:32:31.065root 11241100x8000000000000000321596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.065{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eb36d2ad994be682021-12-17 12:32:31.065root 11241100x8000000000000000321597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.065{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5744718825d750a22021-12-17 12:32:31.065root 11241100x8000000000000000321598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.065{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac286548c4f6b12e2021-12-17 12:32:31.065root 11241100x8000000000000000321599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.065{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97cd79c180fa78ce2021-12-17 12:32:31.065root 11241100x8000000000000000321600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.065{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7120be07c95c915b2021-12-17 12:32:31.065root 11241100x8000000000000000321601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.065{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f73937f32acd97582021-12-17 12:32:31.065root 11241100x8000000000000000321602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.065{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bac398efb37e3cb2021-12-17 12:32:31.065root 11241100x8000000000000000321603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.065{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.118a1c24af50727d2021-12-17 12:32:31.065root 11241100x8000000000000000321604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f7de615e33b488b2021-12-17 12:32:31.558root 11241100x8000000000000000321605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e751028ab8ce1ad82021-12-17 12:32:31.558root 11241100x8000000000000000321606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33ea4415de24703a2021-12-17 12:32:31.558root 11241100x8000000000000000321607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.120d181a181c0bca2021-12-17 12:32:31.558root 11241100x8000000000000000321608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51451c2b02144b3a2021-12-17 12:32:31.558root 11241100x8000000000000000321609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69174c07fce9aa7b2021-12-17 12:32:31.558root 11241100x8000000000000000321610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e6e05cc51a8e9f72021-12-17 12:32:31.558root 11241100x8000000000000000321611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d742233f9f7849062021-12-17 12:32:31.558root 11241100x8000000000000000321612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.257e9b818c077a852021-12-17 12:32:31.558root 11241100x8000000000000000321613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb09e8d40c27a1022021-12-17 12:32:31.558root 11241100x8000000000000000321614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fa4bbe1857250382021-12-17 12:32:31.558root 11241100x8000000000000000321615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.660199158832646a2021-12-17 12:32:31.559root 11241100x8000000000000000321616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2b5018243182f972021-12-17 12:32:31.559root 11241100x8000000000000000321617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62785bea80e0ceee2021-12-17 12:32:31.559root 11241100x8000000000000000321618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b679a2901f8f3bb2021-12-17 12:32:31.559root 11241100x8000000000000000321619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30180764c9fa0e1c2021-12-17 12:32:31.559root 11241100x8000000000000000321620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf0d9bd66da6e0632021-12-17 12:32:31.559root 11241100x8000000000000000321621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76cba78516de64132021-12-17 12:32:31.559root 11241100x8000000000000000321622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2fd0435c3d4bb1a2021-12-17 12:32:31.559root 11241100x8000000000000000321623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b013bbd7b3d4ab992021-12-17 12:32:31.559root 11241100x8000000000000000321624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f267ef029a9eab922021-12-17 12:32:31.559root 11241100x8000000000000000321625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebc7a1cf71f92b7b2021-12-17 12:32:31.559root 11241100x8000000000000000321626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95742ea2f3eb56802021-12-17 12:32:31.559root 11241100x8000000000000000321627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.741ca1f53351769f2021-12-17 12:32:31.559root 11241100x8000000000000000321628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3dfec790b0556762021-12-17 12:32:31.559root 11241100x8000000000000000321629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec838db0534ff97e2021-12-17 12:32:31.559root 11241100x8000000000000000321630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80ce11414c2bd0ff2021-12-17 12:32:31.559root 11241100x8000000000000000321631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d78e5ae6331ad312021-12-17 12:32:31.560root 11241100x8000000000000000321632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d172dd6dafe47b492021-12-17 12:32:31.560root 11241100x8000000000000000321633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa55f84fcd54d6092021-12-17 12:32:31.560root 11241100x8000000000000000321634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9f73cd581bf738d2021-12-17 12:32:31.560root 11241100x8000000000000000321635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.357bdcbfd3060e5e2021-12-17 12:32:31.560root 11241100x8000000000000000321636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.441526768fbbd98e2021-12-17 12:32:31.560root 11241100x8000000000000000321637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2525ee95835f27db2021-12-17 12:32:31.560root 11241100x8000000000000000321638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.308dd1510c5748d42021-12-17 12:32:31.560root 11241100x8000000000000000321639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bffa06876e8d64522021-12-17 12:32:31.560root 11241100x8000000000000000321640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9da7b7411f870ce92021-12-17 12:32:31.560root 11241100x8000000000000000321641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31b0fd09c2615d072021-12-17 12:32:31.560root 11241100x8000000000000000321642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:31.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c3ae3d2309ebbdb2021-12-17 12:32:31.560root 11241100x8000000000000000321643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:32.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8debd26f8fa5bf512021-12-17 12:32:32.058root 11241100x8000000000000000321644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:32.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abf0876ddfc4dea72021-12-17 12:32:32.058root 11241100x8000000000000000321645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:32.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd579886c42b9c5b2021-12-17 12:32:32.058root 11241100x8000000000000000321646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:32.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea5aa22d912688a22021-12-17 12:32:32.058root 11241100x8000000000000000321647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:32.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0c66074e84e741f2021-12-17 12:32:32.058root 11241100x8000000000000000321648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:32.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4899e969673d80c92021-12-17 12:32:32.058root 11241100x8000000000000000321649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:32.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af04d814493bab6a2021-12-17 12:32:32.058root 11241100x8000000000000000321650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:32.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ab31644f4c192b92021-12-17 12:32:32.058root 11241100x8000000000000000321651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:32.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56aa4d5b65a754692021-12-17 12:32:32.058root 11241100x8000000000000000321652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:32.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79bf400d2cfd805d2021-12-17 12:32:32.058root 11241100x8000000000000000321653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:32.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4378b5e3c8c78f7a2021-12-17 12:32:32.059root 11241100x8000000000000000321654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:32.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fb95ad6e726cc502021-12-17 12:32:32.059root 11241100x8000000000000000321655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:32.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.612b593650bcfbe12021-12-17 12:32:32.059root 11241100x8000000000000000321656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:32.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.388d442dd87e72762021-12-17 12:32:32.059root 11241100x8000000000000000321657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:32.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1499a67fe6b98caa2021-12-17 12:32:32.059root 11241100x8000000000000000321658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:32.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d789944f2f11db8f2021-12-17 12:32:32.059root 11241100x8000000000000000321659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:32.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92224e2217d25da22021-12-17 12:32:32.059root 11241100x8000000000000000321660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:32.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a55afff62678d4882021-12-17 12:32:32.059root 11241100x8000000000000000321661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:32.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6f453bb6c84443e2021-12-17 12:32:32.059root 11241100x8000000000000000321662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:32.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b25befdda05efba2021-12-17 12:32:32.059root 11241100x8000000000000000321663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:32.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.761d9821000c92632021-12-17 12:32:32.059root 11241100x8000000000000000321664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:32.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95cae56c9cd3471f2021-12-17 12:32:32.059root 11241100x8000000000000000321665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:32.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8494997b702e0962021-12-17 12:32:32.059root 11241100x8000000000000000321666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:32.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f3ce5512850b0be2021-12-17 12:32:32.059root 11241100x8000000000000000321667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:32.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26f4eaefd7d854e22021-12-17 12:32:32.059root 11241100x8000000000000000321668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:32.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7784acb09e2ec0c52021-12-17 12:32:32.059root 11241100x8000000000000000321669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:32.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cd4835ff9af72e42021-12-17 12:32:32.060root 11241100x8000000000000000321670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:32.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd085c3271c893222021-12-17 12:32:32.060root 11241100x8000000000000000321671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:32.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f5d7574e4d6a8b32021-12-17 12:32:32.060root 11241100x8000000000000000321672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:32.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54296de4716505d12021-12-17 12:32:32.060root 11241100x8000000000000000321673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:32.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37ffab0c0bf1fbb02021-12-17 12:32:32.060root 11241100x8000000000000000321674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:32.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2dfc7a112b1ee302021-12-17 12:32:32.060root 11241100x8000000000000000321675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:32.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74f2e7722c8d5efd2021-12-17 12:32:32.060root 11241100x8000000000000000321676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:32.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a17f5f16fc608be82021-12-17 12:32:32.060root 11241100x8000000000000000321677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:32.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.632dfbb3200d13fc2021-12-17 12:32:32.061root 11241100x8000000000000000321678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:32.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0185eecf7b6560cc2021-12-17 12:32:32.061root 11241100x8000000000000000321679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:32.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9288f6bb75b8a5022021-12-17 12:32:32.061root 11241100x8000000000000000321680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:32.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9f32ba7e20034a62021-12-17 12:32:32.061root 11241100x8000000000000000321681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:32.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9369915246a383fd2021-12-17 12:32:32.061root 11241100x8000000000000000321682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:32.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b827d641b6bc61b92021-12-17 12:32:32.558root 11241100x8000000000000000321683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:32.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8851eca0ed1b90612021-12-17 12:32:32.558root 11241100x8000000000000000321684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:32.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16ea9aa9f04a87e42021-12-17 12:32:32.558root 11241100x8000000000000000321685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:32.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.243460b8351413822021-12-17 12:32:32.558root 11241100x8000000000000000321686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:32.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.354e470b6b91573d2021-12-17 12:32:32.558root 11241100x8000000000000000321687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:32.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7cee6c6747d50982021-12-17 12:32:32.558root 11241100x8000000000000000321688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:32.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.592359c1f530eacc2021-12-17 12:32:32.558root 11241100x8000000000000000321689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:32.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.171f2b6b45f46db52021-12-17 12:32:32.558root 11241100x8000000000000000321690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:32.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.559e766d7d0620ea2021-12-17 12:32:32.558root 11241100x8000000000000000321691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:32.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2c577ccee36b79e2021-12-17 12:32:32.558root 11241100x8000000000000000321692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:32.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.781214e4a81bd9652021-12-17 12:32:32.558root 11241100x8000000000000000321693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:32.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b80d65dc5ececb22021-12-17 12:32:32.558root 11241100x8000000000000000321694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:32.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0be46115a196d9c2021-12-17 12:32:32.559root 11241100x8000000000000000321695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:32.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c824f120e297dfbf2021-12-17 12:32:32.559root 11241100x8000000000000000321696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:32.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80b6a3b17ec587352021-12-17 12:32:32.559root 11241100x8000000000000000321697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:32.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89bebaa6d8756bd62021-12-17 12:32:32.559root 11241100x8000000000000000321698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:32.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a90b63b92cfdbf9e2021-12-17 12:32:32.559root 11241100x8000000000000000321699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:32.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8846d0d9715fb8b72021-12-17 12:32:32.559root 11241100x8000000000000000321700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:32.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a56c04fcf4b63bee2021-12-17 12:32:32.559root 11241100x8000000000000000321701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:32.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6be47c996db685c72021-12-17 12:32:32.559root 11241100x8000000000000000321702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:32.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7b36bb484ede96e2021-12-17 12:32:32.559root 11241100x8000000000000000321703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:32.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db6fe967c51066572021-12-17 12:32:32.559root 11241100x8000000000000000321704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:32.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e74716b1598d1b422021-12-17 12:32:32.559root 11241100x8000000000000000321705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:32.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15b55aa1bb6a65f82021-12-17 12:32:32.559root 11241100x8000000000000000321706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:32.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36ffcfe93b1292aa2021-12-17 12:32:32.559root 11241100x8000000000000000321707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:32.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.243432f26bd821712021-12-17 12:32:32.559root 11241100x8000000000000000321708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:32.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72969801e12f3ab22021-12-17 12:32:32.560root 11241100x8000000000000000321709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:32.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9237ccff163a5f92021-12-17 12:32:32.560root 11241100x8000000000000000321710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:32.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb3018b667fc6b5c2021-12-17 12:32:32.560root 11241100x8000000000000000321711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:32.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c83ec011faefc882021-12-17 12:32:32.560root 11241100x8000000000000000321712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:32.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23e72b68546eb0eb2021-12-17 12:32:32.560root 11241100x8000000000000000321713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:32.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffd418a6803202102021-12-17 12:32:32.560root 11241100x8000000000000000321714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:32.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d591583ea45acf072021-12-17 12:32:32.560root 11241100x8000000000000000321715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:32.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84af12241b7a64372021-12-17 12:32:32.560root 11241100x8000000000000000321716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:32.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d89069fca6f69b622021-12-17 12:32:32.560root 11241100x8000000000000000321717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:32.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4ce24845c3ff7b52021-12-17 12:32:32.560root 11241100x8000000000000000321718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:32.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6d81fe18c1bdbc42021-12-17 12:32:32.560root 11241100x8000000000000000321719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:32.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c46eedc0c51e14f2021-12-17 12:32:32.560root 11241100x8000000000000000321720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:32.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af0344f916d33ea12021-12-17 12:32:32.560root 11241100x8000000000000000321721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:33.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b17b2d3f9369609b2021-12-17 12:32:33.058root 11241100x8000000000000000321722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:33.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26d6f9954cc75fd12021-12-17 12:32:33.058root 11241100x8000000000000000321723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:33.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.967d64663021cb672021-12-17 12:32:33.058root 11241100x8000000000000000321724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:33.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.419cbbb25c37d09f2021-12-17 12:32:33.058root 11241100x8000000000000000321725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:33.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dd12e9e337ae53f2021-12-17 12:32:33.058root 11241100x8000000000000000321726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:33.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e77ea77a2378eda52021-12-17 12:32:33.058root 11241100x8000000000000000321727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:33.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf68702b9b63681c2021-12-17 12:32:33.058root 11241100x8000000000000000321728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:33.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9179a7fc77b27b682021-12-17 12:32:33.058root 11241100x8000000000000000321729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:33.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1da2a1a2390313422021-12-17 12:32:33.058root 11241100x8000000000000000321730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:33.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f0aa8fb596c3d6b2021-12-17 12:32:33.058root 11241100x8000000000000000321731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:33.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.577657c4923d663b2021-12-17 12:32:33.059root 11241100x8000000000000000321732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:33.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a653d4a1c928c582021-12-17 12:32:33.059root 11241100x8000000000000000321733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:33.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be978d0300d75b3b2021-12-17 12:32:33.059root 11241100x8000000000000000321734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:33.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95c0c3c82af0d3142021-12-17 12:32:33.059root 11241100x8000000000000000321735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:33.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a0142fb9df54b302021-12-17 12:32:33.059root 11241100x8000000000000000321736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:33.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b52df78ed61ae9072021-12-17 12:32:33.059root 11241100x8000000000000000321737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:33.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6772903684b674972021-12-17 12:32:33.059root 11241100x8000000000000000321738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:33.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2865028b7fbb3ce22021-12-17 12:32:33.059root 11241100x8000000000000000321739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:33.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a95fc80dd72225512021-12-17 12:32:33.059root 11241100x8000000000000000321740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:33.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d860572197d44402021-12-17 12:32:33.059root 11241100x8000000000000000321741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:33.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec2ddcbc754277c72021-12-17 12:32:33.059root 11241100x8000000000000000321742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:33.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6a17b2112662a7b2021-12-17 12:32:33.059root 11241100x8000000000000000321743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:33.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.327481507087f28d2021-12-17 12:32:33.059root 11241100x8000000000000000321744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:33.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2091e546fc61ac902021-12-17 12:32:33.059root 11241100x8000000000000000321745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:33.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.500706ba37acb41c2021-12-17 12:32:33.060root 11241100x8000000000000000321746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:33.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c0d5134495c3dc22021-12-17 12:32:33.060root 11241100x8000000000000000321747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:33.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b4c9ef283abe6562021-12-17 12:32:33.060root 11241100x8000000000000000321748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:33.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc86f3f380f808d12021-12-17 12:32:33.060root 11241100x8000000000000000321749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:33.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d141b76fd6b9f8af2021-12-17 12:32:33.060root 11241100x8000000000000000321750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:33.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceba71dc38d7c8392021-12-17 12:32:33.060root 11241100x8000000000000000321751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:33.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cda3959b82086f412021-12-17 12:32:33.060root 11241100x8000000000000000321752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:33.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99b483d4fb31f8982021-12-17 12:32:33.060root 11241100x8000000000000000321753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:33.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad639db8f33d64202021-12-17 12:32:33.060root 11241100x8000000000000000321754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:33.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3746842be75c68b22021-12-17 12:32:33.060root 11241100x8000000000000000321755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:33.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b61834b1ba726ffb2021-12-17 12:32:33.061root 11241100x8000000000000000321756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:33.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d245e91291455232021-12-17 12:32:33.061root 11241100x8000000000000000321757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:33.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78d29b015684bb212021-12-17 12:32:33.061root 11241100x8000000000000000321758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:33.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aaacb1c243b1e9e2021-12-17 12:32:33.061root 11241100x8000000000000000321759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:33.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fe94678e995da482021-12-17 12:32:33.061root 23542300x8000000000000000321760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:33.169{ec28ba6a-709b-61bc-30d8-78dfe0550000}5175root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000321761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:33.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0291a686071a7eb22021-12-17 12:32:33.558root 11241100x8000000000000000321762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:33.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b3c8f8214fe0d012021-12-17 12:32:33.558root 11241100x8000000000000000321763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:33.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f74899ae54098b5b2021-12-17 12:32:33.558root 11241100x8000000000000000321764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:33.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0799ef9069dade672021-12-17 12:32:33.558root 11241100x8000000000000000321765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:33.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.303f63765d84bb452021-12-17 12:32:33.558root 11241100x8000000000000000321766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:33.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1dc3e700d284d472021-12-17 12:32:33.558root 11241100x8000000000000000321767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:33.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3619e6e60127cede2021-12-17 12:32:33.558root 11241100x8000000000000000321768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:33.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d9d51fd049bcfa32021-12-17 12:32:33.558root 11241100x8000000000000000321769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:33.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.005cd6900ec0a1332021-12-17 12:32:33.558root 11241100x8000000000000000321770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:33.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0847df75e878ba0f2021-12-17 12:32:33.558root 11241100x8000000000000000321771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:33.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.861fd91a9a2b20112021-12-17 12:32:33.558root 11241100x8000000000000000321772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:33.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cc488d082337f6c2021-12-17 12:32:33.559root 11241100x8000000000000000321773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:33.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78aec4abe256dcf02021-12-17 12:32:33.559root 11241100x8000000000000000321774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:33.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6ed3388013065f22021-12-17 12:32:33.559root 11241100x8000000000000000321775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:33.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c8ea7d71636043c2021-12-17 12:32:33.559root 11241100x8000000000000000321776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:33.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c139bfe128817a62021-12-17 12:32:33.559root 11241100x8000000000000000321777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:33.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.127e7fb1d6cf5cdc2021-12-17 12:32:33.559root 11241100x8000000000000000321778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:33.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59a51f64e64c4b152021-12-17 12:32:33.559root 11241100x8000000000000000321779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:33.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c03628d7a560eddd2021-12-17 12:32:33.559root 11241100x8000000000000000321780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:33.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37e474ccecc1455f2021-12-17 12:32:33.559root 11241100x8000000000000000321781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:33.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5489e5ad87b656f2021-12-17 12:32:33.560root 11241100x8000000000000000321782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:33.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.878498ba67250ee22021-12-17 12:32:33.560root 11241100x8000000000000000321783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:33.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cde4692a3afd6b412021-12-17 12:32:33.560root 11241100x8000000000000000321784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:33.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54081419db13be4e2021-12-17 12:32:33.560root 11241100x8000000000000000321785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:33.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a55db5afc2443c572021-12-17 12:32:33.560root 11241100x8000000000000000321786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:33.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb3744b32df332bd2021-12-17 12:32:33.560root 11241100x8000000000000000321787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:33.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc582b0d51b921202021-12-17 12:32:33.560root 11241100x8000000000000000321788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:33.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.966704e84c5774a92021-12-17 12:32:33.560root 11241100x8000000000000000321789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:33.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.548c67f523b8fa6d2021-12-17 12:32:33.560root 11241100x8000000000000000321790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:33.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4439cd6d8fc100b2021-12-17 12:32:33.560root 11241100x8000000000000000321791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:33.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45a6f8438a0c65962021-12-17 12:32:33.560root 11241100x8000000000000000321792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:33.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.072582b32650f3f82021-12-17 12:32:33.560root 11241100x8000000000000000321793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:33.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c91a748973d57db72021-12-17 12:32:33.560root 11241100x8000000000000000321794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:33.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d1386230976732f2021-12-17 12:32:33.560root 11241100x8000000000000000321795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:33.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9341b942440d7c342021-12-17 12:32:33.560root 11241100x8000000000000000321796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:33.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01175381efb265142021-12-17 12:32:33.561root 11241100x8000000000000000321797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:33.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.330bde163b4f5a782021-12-17 12:32:33.561root 11241100x8000000000000000321798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:33.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.130bfb5f834473e22021-12-17 12:32:33.561root 11241100x8000000000000000321799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:33.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54ff0acc91892f582021-12-17 12:32:33.561root 11241100x8000000000000000321800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:33.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.463c50937e2e46bb2021-12-17 12:32:33.561root 11241100x8000000000000000321801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:34.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70339329001632442021-12-17 12:32:34.059root 11241100x8000000000000000321802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:34.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.108fd6158ae8d4522021-12-17 12:32:34.059root 11241100x8000000000000000321803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:34.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1670d2cf37815dc42021-12-17 12:32:34.059root 11241100x8000000000000000321804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:34.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a71daf38cda85f1e2021-12-17 12:32:34.059root 11241100x8000000000000000321805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:34.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0749b0259d2f6662021-12-17 12:32:34.059root 11241100x8000000000000000321806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:34.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98d7dc0edbb87e262021-12-17 12:32:34.060root 11241100x8000000000000000321807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:34.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fc3e8baf68035202021-12-17 12:32:34.060root 11241100x8000000000000000321808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:34.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d559d695a4a00712021-12-17 12:32:34.060root 11241100x8000000000000000321809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:34.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e40bd0c68518e7472021-12-17 12:32:34.060root 11241100x8000000000000000321810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:34.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ac8ee36e90ff0a22021-12-17 12:32:34.060root 11241100x8000000000000000321811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:34.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c974559cbf1b5dc52021-12-17 12:32:34.060root 11241100x8000000000000000321812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:34.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d1a0c96c8b928172021-12-17 12:32:34.060root 11241100x8000000000000000321813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:34.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db82d5df7f29abbc2021-12-17 12:32:34.060root 11241100x8000000000000000321814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:34.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e439273057197152021-12-17 12:32:34.061root 11241100x8000000000000000321815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:34.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f64ee86ccbe1fbb42021-12-17 12:32:34.061root 11241100x8000000000000000321816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:34.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de5810f77051afe62021-12-17 12:32:34.061root 11241100x8000000000000000321817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:34.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56a1daa38a2e1ba52021-12-17 12:32:34.061root 11241100x8000000000000000321818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:34.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8075ba420bcf17c32021-12-17 12:32:34.061root 11241100x8000000000000000321819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:34.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d049317126594772021-12-17 12:32:34.061root 11241100x8000000000000000321820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:34.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2db4d1b977d5e65a2021-12-17 12:32:34.062root 11241100x8000000000000000321821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:34.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93d8735a8bd2e7772021-12-17 12:32:34.062root 11241100x8000000000000000321822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:34.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43ac607ed2eca1cf2021-12-17 12:32:34.062root 11241100x8000000000000000321823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:34.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dfcc23b604ad9eb2021-12-17 12:32:34.062root 11241100x8000000000000000321824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:34.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa8e5f55fc4c3dd92021-12-17 12:32:34.062root 11241100x8000000000000000321825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:34.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f847abd467ad5f12021-12-17 12:32:34.062root 11241100x8000000000000000321826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:34.066{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb2047d095252aad2021-12-17 12:32:34.066root 11241100x8000000000000000321827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:34.066{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a67ffbba24ea3992021-12-17 12:32:34.066root 11241100x8000000000000000321828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:34.066{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f250a244cf278a12021-12-17 12:32:34.066root 11241100x8000000000000000321829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:34.067{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc7d9331d02e2aa42021-12-17 12:32:34.067root 11241100x8000000000000000321830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:34.067{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5758e326940592902021-12-17 12:32:34.067root 11241100x8000000000000000321831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:34.067{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84d17be8eb7fde5f2021-12-17 12:32:34.067root 11241100x8000000000000000321832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:34.067{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0c6b6c88259f89f2021-12-17 12:32:34.067root 11241100x8000000000000000321833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:34.067{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74f7fc1c0db04c762021-12-17 12:32:34.067root 11241100x8000000000000000321834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:34.067{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acfc4b109fe756102021-12-17 12:32:34.067root 11241100x8000000000000000321835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:34.067{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee364034aa7574742021-12-17 12:32:34.067root 11241100x8000000000000000321836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:34.067{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e1d6dc7c86d0afc2021-12-17 12:32:34.067root 11241100x8000000000000000321837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:34.067{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe079d951ff31e282021-12-17 12:32:34.067root 11241100x8000000000000000321838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:34.067{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02f6a7deac99e4102021-12-17 12:32:34.067root 11241100x8000000000000000321839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:34.072{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e7d56de9bc88f882021-12-17 12:32:34.072root 11241100x8000000000000000321840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:34.072{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d1563392505d61b2021-12-17 12:32:34.072root 11241100x8000000000000000321841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:34.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd0210ba2903e1752021-12-17 12:32:34.558root 11241100x8000000000000000321842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:34.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee359c78abc21f362021-12-17 12:32:34.558root 11241100x8000000000000000321843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:34.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7a6f90da7dca0932021-12-17 12:32:34.558root 11241100x8000000000000000321844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:34.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e5ef194815525b32021-12-17 12:32:34.558root 11241100x8000000000000000321845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:34.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76c411d2b6f98afb2021-12-17 12:32:34.558root 11241100x8000000000000000321846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:34.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.146c2068b2735c9f2021-12-17 12:32:34.558root 11241100x8000000000000000321847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:34.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b753154691f9a1f82021-12-17 12:32:34.558root 11241100x8000000000000000321848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:34.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5775144bb9bc33812021-12-17 12:32:34.559root 11241100x8000000000000000321849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:34.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51c4f423906491d32021-12-17 12:32:34.559root 11241100x8000000000000000321850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:34.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.943947989aa5b9fa2021-12-17 12:32:34.559root 11241100x8000000000000000321851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:34.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f38af38f4e1fa5f2021-12-17 12:32:34.559root 11241100x8000000000000000321852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:34.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38e2a54869f1d35d2021-12-17 12:32:34.559root 11241100x8000000000000000321853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:34.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f58e54d3b21f101d2021-12-17 12:32:34.559root 11241100x8000000000000000321854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:34.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fa31c4477516fe52021-12-17 12:32:34.559root 11241100x8000000000000000321855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:34.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95b5cc2abce310f12021-12-17 12:32:34.559root 11241100x8000000000000000321856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:34.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69771033c1dee88e2021-12-17 12:32:34.559root 11241100x8000000000000000321857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:34.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c9e75dad54462442021-12-17 12:32:34.559root 11241100x8000000000000000321858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:34.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d15d941102ed56b2021-12-17 12:32:34.560root 11241100x8000000000000000321859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:34.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.735bca2e9e4e9cc12021-12-17 12:32:34.560root 11241100x8000000000000000321860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:34.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d5dd233920a3c9c2021-12-17 12:32:34.560root 11241100x8000000000000000321861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:34.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19bbece66d05c09d2021-12-17 12:32:34.560root 11241100x8000000000000000321862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:34.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c3f27ee22a7f3202021-12-17 12:32:34.560root 11241100x8000000000000000321863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:34.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e376dfe4c72cc1802021-12-17 12:32:34.560root 11241100x8000000000000000321864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:34.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2ee36cd052b570e2021-12-17 12:32:34.560root 11241100x8000000000000000321865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:34.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5be6972b5ea3583c2021-12-17 12:32:34.560root 11241100x8000000000000000321866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:34.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4195a577d192f572021-12-17 12:32:34.560root 11241100x8000000000000000321867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:34.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f631fddf031e425d2021-12-17 12:32:34.561root 11241100x8000000000000000321868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:34.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdeb77c2d7dfd8362021-12-17 12:32:34.561root 11241100x8000000000000000321869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:34.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.482c24d5a8bf588a2021-12-17 12:32:34.561root 11241100x8000000000000000321870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:34.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61919b5047c895cd2021-12-17 12:32:34.561root 11241100x8000000000000000321871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:34.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55693d58066738ed2021-12-17 12:32:34.561root 11241100x8000000000000000321872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:34.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56f0ff95b7d51c282021-12-17 12:32:34.561root 11241100x8000000000000000321873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:34.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.305491bc68125f022021-12-17 12:32:34.561root 11241100x8000000000000000321874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:34.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36317412ba0db76c2021-12-17 12:32:34.562root 11241100x8000000000000000321875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:34.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5856358e2a385b952021-12-17 12:32:34.562root 11241100x8000000000000000321876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:34.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6accdc4efb12ab1b2021-12-17 12:32:34.562root 11241100x8000000000000000321877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:34.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55db050125dd075d2021-12-17 12:32:34.562root 11241100x8000000000000000321878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:34.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51e24922513fb5752021-12-17 12:32:34.562root 11241100x8000000000000000321879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:34.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2d20f74e48575752021-12-17 12:32:34.562root 11241100x8000000000000000321880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:34.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d6554703a74ae302021-12-17 12:32:34.562root 11241100x8000000000000000321881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:35.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fd27942c8297e492021-12-17 12:32:35.058root 11241100x8000000000000000321882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:35.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.932965d53764f1a52021-12-17 12:32:35.058root 11241100x8000000000000000321883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:35.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd3417ff606d98d42021-12-17 12:32:35.058root 11241100x8000000000000000321884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:35.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.746576f1756881ff2021-12-17 12:32:35.058root 11241100x8000000000000000321885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:35.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62588ba6b02c3a242021-12-17 12:32:35.058root 11241100x8000000000000000321886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:35.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e75b907356ce183a2021-12-17 12:32:35.058root 11241100x8000000000000000321887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:35.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b65a3933d0a517442021-12-17 12:32:35.058root 11241100x8000000000000000321888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:35.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a45451fea455321b2021-12-17 12:32:35.058root 11241100x8000000000000000321889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:35.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2671415023bfbbc52021-12-17 12:32:35.059root 11241100x8000000000000000321890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:35.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.659248dd5908d7242021-12-17 12:32:35.059root 11241100x8000000000000000321891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:35.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46ec0837ab888ec12021-12-17 12:32:35.059root 11241100x8000000000000000321892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:35.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d959de9cf4f533812021-12-17 12:32:35.059root 11241100x8000000000000000321893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:35.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15bfd406163967662021-12-17 12:32:35.059root 11241100x8000000000000000321894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:35.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5989b95601eaf562021-12-17 12:32:35.059root 11241100x8000000000000000321895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:35.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a08ab454fb3acd0d2021-12-17 12:32:35.059root 11241100x8000000000000000321896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:35.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c08310c045847e3e2021-12-17 12:32:35.059root 11241100x8000000000000000321897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:35.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5efc6348efabe7c32021-12-17 12:32:35.059root 11241100x8000000000000000321898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:35.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4168d8baa0974bb02021-12-17 12:32:35.059root 11241100x8000000000000000321899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:35.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d431251ece87d6522021-12-17 12:32:35.060root 11241100x8000000000000000321900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:35.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e925c5c3278fd0e2021-12-17 12:32:35.060root 11241100x8000000000000000321901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:35.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.084bde5badd9a5692021-12-17 12:32:35.060root 11241100x8000000000000000321902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:35.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.454c307d1abe5eae2021-12-17 12:32:35.060root 11241100x8000000000000000321903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:35.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d11a8760de5bef112021-12-17 12:32:35.060root 11241100x8000000000000000321904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:35.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b077d2d5062b9282021-12-17 12:32:35.060root 11241100x8000000000000000321905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:35.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.609b080b843758d62021-12-17 12:32:35.060root 11241100x8000000000000000321906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:35.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e67706935c3db10b2021-12-17 12:32:35.060root 11241100x8000000000000000321907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:35.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1686f8f3739a085c2021-12-17 12:32:35.061root 11241100x8000000000000000321908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:35.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c1a9c5bb357131f2021-12-17 12:32:35.061root 11241100x8000000000000000321909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:35.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.523cc54308a293f22021-12-17 12:32:35.061root 11241100x8000000000000000321910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:35.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4d6d40a65bf7b952021-12-17 12:32:35.061root 11241100x8000000000000000321911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:35.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce42c7b8144dce082021-12-17 12:32:35.061root 11241100x8000000000000000321912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:35.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5427918ea1c1725b2021-12-17 12:32:35.061root 11241100x8000000000000000321913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:35.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d7567a8301730e12021-12-17 12:32:35.061root 11241100x8000000000000000321914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:35.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f51c27b28ba3bdc2021-12-17 12:32:35.061root 11241100x8000000000000000321915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:35.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aae83a93570f0b122021-12-17 12:32:35.062root 11241100x8000000000000000321916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:35.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0550a3021457473b2021-12-17 12:32:35.062root 11241100x8000000000000000321917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:35.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc0ea92dca9ccee82021-12-17 12:32:35.062root 11241100x8000000000000000321918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:35.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9266731862f0cb3f2021-12-17 12:32:35.062root 11241100x8000000000000000321919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:35.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ddfa8a1f23ad79a2021-12-17 12:32:35.062root 11241100x8000000000000000321920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:35.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b494dce6533434f22021-12-17 12:32:35.062root 354300x8000000000000000321921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:35.147{ec28ba6a-70a3-61bc-5175-3a0400000000}5248/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-44536-false10.0.1.12-8000- 11241100x8000000000000000321922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:35.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e7df7ec0b10d2062021-12-17 12:32:35.558root 11241100x8000000000000000321923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:35.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d35f90f45feb41fa2021-12-17 12:32:35.558root 11241100x8000000000000000321924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:35.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27911f805cf2df982021-12-17 12:32:35.558root 11241100x8000000000000000321925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:35.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce97bfe01ea52ef72021-12-17 12:32:35.558root 11241100x8000000000000000321926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:35.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3505ae361c4d6d262021-12-17 12:32:35.558root 11241100x8000000000000000321927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:35.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0102514f6306c9872021-12-17 12:32:35.558root 11241100x8000000000000000321928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:35.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ae167deb89f1ddc2021-12-17 12:32:35.558root 11241100x8000000000000000321929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:35.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80c0cfcfc7552e3d2021-12-17 12:32:35.558root 11241100x8000000000000000321930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:35.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39fc65086cf267b12021-12-17 12:32:35.559root 11241100x8000000000000000321931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:35.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d586aa5b46fbb6e22021-12-17 12:32:35.559root 11241100x8000000000000000321932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:35.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.541dbd62f818d37c2021-12-17 12:32:35.559root 11241100x8000000000000000321933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:35.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37e3d50e3c2a01a42021-12-17 12:32:35.559root 11241100x8000000000000000321934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:35.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fafc0d6369039fb2021-12-17 12:32:35.559root 11241100x8000000000000000321935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:35.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15d38a4a44c8a4102021-12-17 12:32:35.559root 11241100x8000000000000000321936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:35.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae8ddd43933470442021-12-17 12:32:35.559root 11241100x8000000000000000321937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:35.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f0603df550463392021-12-17 12:32:35.560root 11241100x8000000000000000321938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:35.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a356e040ae047522021-12-17 12:32:35.560root 11241100x8000000000000000321939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:35.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.499420a095a463352021-12-17 12:32:35.560root 11241100x8000000000000000321940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:35.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.217967d7a188e9d42021-12-17 12:32:35.560root 11241100x8000000000000000321941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:35.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6d9ff8feade64ff2021-12-17 12:32:35.560root 11241100x8000000000000000321942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:35.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d5da0222fabe4ac2021-12-17 12:32:35.560root 11241100x8000000000000000321943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:35.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aa5c01f4133bcb52021-12-17 12:32:35.560root 11241100x8000000000000000321944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:35.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1e9d106bb8d526f2021-12-17 12:32:35.560root 11241100x8000000000000000321945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:35.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9241a5edac985542021-12-17 12:32:35.561root 11241100x8000000000000000321946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:35.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8f8886db05cd0bc2021-12-17 12:32:35.561root 11241100x8000000000000000321947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:35.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5142d19f4267abc22021-12-17 12:32:35.561root 11241100x8000000000000000321948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:35.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8018b23f41dde1432021-12-17 12:32:35.561root 11241100x8000000000000000321949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:35.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62535e63fe9d40c02021-12-17 12:32:35.561root 11241100x8000000000000000321950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:35.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c79ce8d44591d3df2021-12-17 12:32:35.561root 11241100x8000000000000000321951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:35.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdbab531d17e59e92021-12-17 12:32:35.561root 11241100x8000000000000000321952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:35.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b3b34008b1cd5672021-12-17 12:32:35.561root 11241100x8000000000000000321953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:35.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1606f51ef6dbcd8f2021-12-17 12:32:35.562root 11241100x8000000000000000321954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:35.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.794fdfcfafe7d3b82021-12-17 12:32:35.562root 11241100x8000000000000000321955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:35.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c8ce08d18007b8d2021-12-17 12:32:35.562root 11241100x8000000000000000321956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:35.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a00ed4dec66f8962021-12-17 12:32:35.562root 11241100x8000000000000000321957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:35.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a67db7f18d9691f72021-12-17 12:32:35.562root 11241100x8000000000000000321958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:35.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b82435681c320022021-12-17 12:32:35.562root 11241100x8000000000000000321959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:35.563{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da3ff111c22642af2021-12-17 12:32:35.563root 11241100x8000000000000000321960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:35.563{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89fdec925e02003f2021-12-17 12:32:35.563root 11241100x8000000000000000321961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:35.563{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f102a47999d6c09f2021-12-17 12:32:35.563root 11241100x8000000000000000321962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:35.563{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec6bbd03eb87a7112021-12-17 12:32:35.563root 11241100x8000000000000000321963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.056{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.461af0b14518a4d02021-12-17 12:32:36.056root 11241100x8000000000000000321964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.056{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42a7a29d2a16b6672021-12-17 12:32:36.056root 11241100x8000000000000000321965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.056{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0d12849b5ebd9362021-12-17 12:32:36.056root 11241100x8000000000000000321966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.056{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea16fe3b878207982021-12-17 12:32:36.056root 11241100x8000000000000000321967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dc72c0910cc15e22021-12-17 12:32:36.057root 11241100x8000000000000000321968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34a98b308b11d6742021-12-17 12:32:36.057root 11241100x8000000000000000321969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cdd4e21c9cf80202021-12-17 12:32:36.057root 11241100x8000000000000000321970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b553d28706a7fe6e2021-12-17 12:32:36.057root 11241100x8000000000000000321971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3a422c8863974b72021-12-17 12:32:36.057root 11241100x8000000000000000321972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f04b6558008945e2021-12-17 12:32:36.057root 11241100x8000000000000000321973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f14798ec693c29e2021-12-17 12:32:36.057root 11241100x8000000000000000321974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24cd314988ab26b82021-12-17 12:32:36.057root 11241100x8000000000000000321975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.277a1fce63790ec42021-12-17 12:32:36.057root 11241100x8000000000000000321976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c92b145ab715dd6f2021-12-17 12:32:36.057root 11241100x8000000000000000321977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7328eca815b450a2021-12-17 12:32:36.057root 11241100x8000000000000000321978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa065d7d0deb457d2021-12-17 12:32:36.058root 11241100x8000000000000000321979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99f1cf2b9cabb15c2021-12-17 12:32:36.059root 11241100x8000000000000000321980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b5d50dfa5244def2021-12-17 12:32:36.059root 11241100x8000000000000000321981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a68d27e80066c70c2021-12-17 12:32:36.059root 11241100x8000000000000000321982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e9cb7ce38b725242021-12-17 12:32:36.060root 11241100x8000000000000000321983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5652ad39ac46bfc22021-12-17 12:32:36.060root 11241100x8000000000000000321984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12c55827d1106dff2021-12-17 12:32:36.060root 11241100x8000000000000000321985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c165606e6cd447ef2021-12-17 12:32:36.060root 11241100x8000000000000000321986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac62938ac4b9dde02021-12-17 12:32:36.060root 11241100x8000000000000000321987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f6e6fb12eaf6c682021-12-17 12:32:36.060root 11241100x8000000000000000321988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f4bdd4376d842f22021-12-17 12:32:36.060root 11241100x8000000000000000321989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c5c2f04c3a539c62021-12-17 12:32:36.061root 11241100x8000000000000000321990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb62d717647c329e2021-12-17 12:32:36.061root 11241100x8000000000000000321991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d886bd05df067992021-12-17 12:32:36.061root 11241100x8000000000000000321992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.145f3fe32101161b2021-12-17 12:32:36.061root 11241100x8000000000000000321993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dc2fe57e7e32e1b2021-12-17 12:32:36.061root 11241100x8000000000000000321994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2767527d370a4c5b2021-12-17 12:32:36.061root 11241100x8000000000000000321995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8467d8f9268f9cc2021-12-17 12:32:36.061root 11241100x8000000000000000321996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.625d0707da7468972021-12-17 12:32:36.061root 11241100x8000000000000000321997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ef7677bdb544f6e2021-12-17 12:32:36.061root 11241100x8000000000000000321998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dac72a56cc744782021-12-17 12:32:36.061root 11241100x8000000000000000321999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd5fc9af2487e5392021-12-17 12:32:36.062root 11241100x8000000000000000322000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.705c9f6a83d282fc2021-12-17 12:32:36.062root 11241100x8000000000000000322001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.064{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85f29e3d70f7b6a52021-12-17 12:32:36.064root 11241100x8000000000000000322002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.064{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0c857a76e0116002021-12-17 12:32:36.064root 11241100x8000000000000000322003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.064{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27a32be254f8bde82021-12-17 12:32:36.064root 11241100x8000000000000000322004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.064{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d2b2a4020e6c9672021-12-17 12:32:36.064root 11241100x8000000000000000322005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.064{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5968a64f9c532a92021-12-17 12:32:36.064root 11241100x8000000000000000322006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.065{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ce79ece92287dc22021-12-17 12:32:36.065root 11241100x8000000000000000322007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.065{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15a473752905646c2021-12-17 12:32:36.065root 11241100x8000000000000000322008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.065{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10f287a1195ba5392021-12-17 12:32:36.065root 11241100x8000000000000000322009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.065{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1a61a55834988172021-12-17 12:32:36.065root 11241100x8000000000000000322010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.065{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.126bd743b06caeea2021-12-17 12:32:36.065root 11241100x8000000000000000322011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.065{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68d220e97da93faa2021-12-17 12:32:36.065root 11241100x8000000000000000322012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.065{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a5f7c48409e54552021-12-17 12:32:36.065root 11241100x8000000000000000322013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.065{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8513bb0a751500822021-12-17 12:32:36.065root 11241100x8000000000000000322014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.066{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79a2e35c782367ef2021-12-17 12:32:36.066root 11241100x8000000000000000322015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.066{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.082b69a068b969ba2021-12-17 12:32:36.066root 11241100x8000000000000000322016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.066{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e62cafa00a10b1c62021-12-17 12:32:36.066root 11241100x8000000000000000322017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.066{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54565b1cf03633a92021-12-17 12:32:36.066root 11241100x8000000000000000322018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.066{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa143aad646b76b62021-12-17 12:32:36.066root 11241100x8000000000000000322019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.066{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca1942189f941e682021-12-17 12:32:36.066root 11241100x8000000000000000322020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.066{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76defc94dff664a52021-12-17 12:32:36.066root 11241100x8000000000000000322021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.066{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab73e635bd4a49c52021-12-17 12:32:36.066root 11241100x8000000000000000322022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.066{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8b9f88c8fc4452d2021-12-17 12:32:36.066root 11241100x8000000000000000322023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9217775e16894c142021-12-17 12:32:36.558root 11241100x8000000000000000322024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b168edc19066c79b2021-12-17 12:32:36.558root 11241100x8000000000000000322025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de54b54e747c3ee92021-12-17 12:32:36.558root 11241100x8000000000000000322026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6a8616a667ad88d2021-12-17 12:32:36.558root 11241100x8000000000000000322027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3d20998635245fa2021-12-17 12:32:36.558root 11241100x8000000000000000322028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1812b3bc2d768ca2021-12-17 12:32:36.558root 11241100x8000000000000000322029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8e649c138af2ece2021-12-17 12:32:36.559root 11241100x8000000000000000322030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ee0cb80cef01c722021-12-17 12:32:36.559root 11241100x8000000000000000322031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.894d8b4b54f36c862021-12-17 12:32:36.559root 11241100x8000000000000000322032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e058c2ecc35bbbb2021-12-17 12:32:36.559root 11241100x8000000000000000322033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40e374c6c294473a2021-12-17 12:32:36.559root 11241100x8000000000000000322034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6849efc6a6c73642021-12-17 12:32:36.559root 11241100x8000000000000000322035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40ea6eadd2ac2ecb2021-12-17 12:32:36.559root 11241100x8000000000000000322036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.784f0a75df0862602021-12-17 12:32:36.559root 11241100x8000000000000000322037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ac5f290d5e6fb6b2021-12-17 12:32:36.559root 11241100x8000000000000000322038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99c1891769a760782021-12-17 12:32:36.559root 11241100x8000000000000000322039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.480ab3fce579b3222021-12-17 12:32:36.559root 11241100x8000000000000000322040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07241e389a0208292021-12-17 12:32:36.559root 11241100x8000000000000000322041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6dd0f385df2ffd02021-12-17 12:32:36.559root 11241100x8000000000000000322042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54d7889fd23ce2282021-12-17 12:32:36.559root 11241100x8000000000000000322043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.197b1eb2109641ff2021-12-17 12:32:36.559root 11241100x8000000000000000322044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cee79dae4bc06c252021-12-17 12:32:36.559root 11241100x8000000000000000322045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cde624bd6a5400722021-12-17 12:32:36.560root 11241100x8000000000000000322046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fbbf6e6008083482021-12-17 12:32:36.560root 11241100x8000000000000000322047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.527f578d748987a02021-12-17 12:32:36.560root 11241100x8000000000000000322048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afc4d7f54a911b842021-12-17 12:32:36.560root 11241100x8000000000000000322049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80c5e5463d6378ad2021-12-17 12:32:36.560root 11241100x8000000000000000322050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe8d2bdf62713bae2021-12-17 12:32:36.560root 11241100x8000000000000000322051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20839fca9768202f2021-12-17 12:32:36.560root 11241100x8000000000000000322052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9d9292093cc18782021-12-17 12:32:36.560root 11241100x8000000000000000322053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.691673f6c7ebfecd2021-12-17 12:32:36.560root 11241100x8000000000000000322054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4195c3e28524314c2021-12-17 12:32:36.560root 11241100x8000000000000000322055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccb24a4d51cb067c2021-12-17 12:32:36.560root 11241100x8000000000000000322056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de06d95b6068fbc82021-12-17 12:32:36.560root 11241100x8000000000000000322057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3abbabb8d72c02c82021-12-17 12:32:36.560root 11241100x8000000000000000322058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5df791b6dabe92d2021-12-17 12:32:36.560root 11241100x8000000000000000322059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a21865723f0de6a2021-12-17 12:32:36.560root 11241100x8000000000000000322060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f934f4d990a6f0542021-12-17 12:32:36.560root 11241100x8000000000000000322061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.088284c63f9d1dc52021-12-17 12:32:36.561root 11241100x8000000000000000322062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5715730005125762021-12-17 12:32:36.561root 11241100x8000000000000000322063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36bd43c72bf34fa32021-12-17 12:32:36.561root 11241100x8000000000000000322064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:36.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac8aee516099e1e12021-12-17 12:32:36.561root 11241100x8000000000000000322065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:37.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.552e5173fa4384832021-12-17 12:32:37.057root 11241100x8000000000000000322066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:37.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3d335fb226046c82021-12-17 12:32:37.057root 11241100x8000000000000000322067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:37.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5d016bcce7c6b3d2021-12-17 12:32:37.057root 11241100x8000000000000000322068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:37.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9884fe725edda9b72021-12-17 12:32:37.057root 11241100x8000000000000000322069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:37.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20b16763d34691422021-12-17 12:32:37.057root 11241100x8000000000000000322070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:37.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c023d2a0f1aa93a82021-12-17 12:32:37.057root 11241100x8000000000000000322071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:37.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bffdb1045761f6992021-12-17 12:32:37.057root 11241100x8000000000000000322072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:37.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.861551f31d8e23992021-12-17 12:32:37.057root 11241100x8000000000000000322073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:37.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4902bed8da67d8e2021-12-17 12:32:37.057root 11241100x8000000000000000322074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:37.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6319d3f810b0e6b52021-12-17 12:32:37.057root 11241100x8000000000000000322075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:37.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d82797e628b7808d2021-12-17 12:32:37.057root 11241100x8000000000000000322076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:37.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35b722c61821c8c82021-12-17 12:32:37.058root 11241100x8000000000000000322077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:37.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4435f64ba563b6432021-12-17 12:32:37.058root 11241100x8000000000000000322078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:37.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.787c5601f5638d802021-12-17 12:32:37.058root 11241100x8000000000000000322079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:37.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ae57453827df0542021-12-17 12:32:37.058root 11241100x8000000000000000322080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:37.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8252303ce3e69b32021-12-17 12:32:37.058root 11241100x8000000000000000322081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:37.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93272953d6dcce2e2021-12-17 12:32:37.058root 11241100x8000000000000000322082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:37.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed4535f5830ddd532021-12-17 12:32:37.058root 11241100x8000000000000000322083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:37.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6888fe6907a700f72021-12-17 12:32:37.058root 11241100x8000000000000000322084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:37.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a89fbf710d71db6f2021-12-17 12:32:37.058root 11241100x8000000000000000322085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:37.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c82ae07ba06d8082021-12-17 12:32:37.058root 11241100x8000000000000000322086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:37.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd5f3ca8a3fb05022021-12-17 12:32:37.058root 11241100x8000000000000000322087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:37.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b821976ccc6d52d2021-12-17 12:32:37.058root 11241100x8000000000000000322088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:37.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.861499e4982260192021-12-17 12:32:37.058root 11241100x8000000000000000322089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:37.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04271d109c3ff57e2021-12-17 12:32:37.058root 11241100x8000000000000000322090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:37.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d1e739efed191c42021-12-17 12:32:37.058root 11241100x8000000000000000322091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:37.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45a9af686a0bedb72021-12-17 12:32:37.058root 11241100x8000000000000000322092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:37.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8081543399b514252021-12-17 12:32:37.059root 11241100x8000000000000000322093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:37.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb89def064b57c412021-12-17 12:32:37.059root 11241100x8000000000000000322094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:37.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a83141d8b5a536d42021-12-17 12:32:37.059root 11241100x8000000000000000322095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:37.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52dceeb8e4d4323c2021-12-17 12:32:37.059root 11241100x8000000000000000322096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:37.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e80a2d6729688e852021-12-17 12:32:37.059root 11241100x8000000000000000322097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:37.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0bedc230ab3d8c62021-12-17 12:32:37.059root 11241100x8000000000000000322098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:37.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ea77309f47cb6292021-12-17 12:32:37.059root 11241100x8000000000000000322099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:37.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.315e6114fad97bde2021-12-17 12:32:37.059root 11241100x8000000000000000322100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:37.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b30309d3e6d8e0852021-12-17 12:32:37.059root 11241100x8000000000000000322101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:37.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fe2129fcc9c54ed2021-12-17 12:32:37.059root 11241100x8000000000000000322102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:37.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6311e6de21161f6a2021-12-17 12:32:37.059root 11241100x8000000000000000322103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:37.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b980ba59485291142021-12-17 12:32:37.059root 11241100x8000000000000000322104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:37.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00602420e031daf32021-12-17 12:32:37.059root 11241100x8000000000000000322105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:37.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e424cc6fb658ccdd2021-12-17 12:32:37.059root 11241100x8000000000000000322106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:37.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b87837bdb9c41482021-12-17 12:32:37.059root 11241100x8000000000000000322107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:37.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d635b2d7a07fd8b2021-12-17 12:32:37.060root 11241100x8000000000000000322108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:37.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9bcf1c048cc7ee42021-12-17 12:32:37.060root 11241100x8000000000000000322109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:37.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e3a1d365262c05e2021-12-17 12:32:37.060root 11241100x8000000000000000322110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:37.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad2f7ae0185d8d5d2021-12-17 12:32:37.060root 11241100x8000000000000000322111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:37.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aee097dd768989172021-12-17 12:32:37.060root 11241100x8000000000000000322112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:37.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbcafd20bfb0f6c12021-12-17 12:32:37.060root 11241100x8000000000000000322113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:37.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf130e1a10f1278f2021-12-17 12:32:37.060root 11241100x8000000000000000322114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:37.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a590296deaeb4122021-12-17 12:32:37.060root 11241100x8000000000000000322115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:37.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a20f92401fdfa9162021-12-17 12:32:37.060root 11241100x8000000000000000322116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:37.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.919d40c84288dc622021-12-17 12:32:37.557root 11241100x8000000000000000322117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:37.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f6c2d3755b88a3a2021-12-17 12:32:37.557root 11241100x8000000000000000322118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:37.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.726241976051f1012021-12-17 12:32:37.557root 11241100x8000000000000000322119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:37.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abb6d2ba2e8a34062021-12-17 12:32:37.557root 11241100x8000000000000000322120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:37.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dcb97de5911cecf2021-12-17 12:32:37.557root 11241100x8000000000000000322121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:37.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d78d3bc069a5f102021-12-17 12:32:37.557root 11241100x8000000000000000322122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:37.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ef00fd76485ce792021-12-17 12:32:37.557root 11241100x8000000000000000322123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:37.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.904dca8847a477d12021-12-17 12:32:37.557root 11241100x8000000000000000322124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:37.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e22ed0425b391532021-12-17 12:32:37.557root 11241100x8000000000000000322125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:37.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.987b20746fda06d62021-12-17 12:32:37.558root 11241100x8000000000000000322126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:37.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a42c6c73c1e622d2021-12-17 12:32:37.558root 11241100x8000000000000000322127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:37.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c8dbb5e4e861e9f2021-12-17 12:32:37.558root 11241100x8000000000000000322128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:37.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6135b57ee7a5f0512021-12-17 12:32:37.558root 11241100x8000000000000000322129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:37.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.385e7008bd6283732021-12-17 12:32:37.558root 11241100x8000000000000000322130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:37.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f98d26b2786533912021-12-17 12:32:37.558root 11241100x8000000000000000322131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:37.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be66e37b1650023b2021-12-17 12:32:37.558root 11241100x8000000000000000322132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:37.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39197fe078cd8fdc2021-12-17 12:32:37.558root 11241100x8000000000000000322133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:37.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d088aa88b5aa7b4f2021-12-17 12:32:37.558root 11241100x8000000000000000322134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:37.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57e1ddf961d982ed2021-12-17 12:32:37.558root 11241100x8000000000000000322135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:37.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.287d6ea7404098892021-12-17 12:32:37.558root 11241100x8000000000000000322136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:37.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc2dea3a7b0d14802021-12-17 12:32:37.559root 11241100x8000000000000000322137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:37.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdd1152b8de45a1a2021-12-17 12:32:37.559root 11241100x8000000000000000322138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:37.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3420c8b3c3e6193c2021-12-17 12:32:37.559root 11241100x8000000000000000322139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:37.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0f98e61fe4d1a722021-12-17 12:32:37.559root 11241100x8000000000000000322140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:37.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eef6e5d2abd41d862021-12-17 12:32:37.559root 11241100x8000000000000000322141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:37.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39dd5e53e0ddfbe22021-12-17 12:32:37.559root 11241100x8000000000000000322142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:37.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16b1323cb53575a02021-12-17 12:32:37.559root 11241100x8000000000000000322143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:37.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6fa8346f4247a852021-12-17 12:32:37.559root 11241100x8000000000000000322144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:37.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3972d848bf2433ce2021-12-17 12:32:37.559root 11241100x8000000000000000322145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:37.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df173c125b20ecf42021-12-17 12:32:37.560root 11241100x8000000000000000322146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 12:32:37.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f3f181911d2a14c2021-12-17 12:32:37.560root