354300x8000000000000000137753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:14.119{ec28ba6a-70a3-61bc-5175-3a0400000000}5248/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-43264-false10.0.1.12-8000- 11241100x8000000000000000137754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:14.556{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bdd7858439bfb0c2021-12-17 11:40:14.556root 11241100x8000000000000000137755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:15.056{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6714df88d2d581042021-12-17 11:40:15.056root 11241100x8000000000000000137756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:15.556{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e404b12175f376142021-12-17 11:40:15.556root 11241100x8000000000000000137757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:16.056{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a48bdaa2bdd94ea02021-12-17 11:40:16.056root 11241100x8000000000000000137758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:16.556{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80dc272589c1f95d2021-12-17 11:40:16.556root 11241100x8000000000000000137759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:17.056{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61aae5f71e1c973e2021-12-17 11:40:17.056root 11241100x8000000000000000137760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:17.556{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeb15418698373462021-12-17 11:40:17.556root 11241100x8000000000000000137761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:18.056{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ed3d339392867982021-12-17 11:40:18.056root 11241100x8000000000000000137762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:18.556{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9ebdadf124eb5242021-12-17 11:40:18.556root 11241100x8000000000000000137763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:19.056{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a01e0e9acae6aa102021-12-17 11:40:19.056root 354300x8000000000000000137764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:19.180{ec28ba6a-70a3-61bc-5175-3a0400000000}5248/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-43266-false10.0.1.12-8000- 11241100x8000000000000000137765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:19.556{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6dd447568e23fbb2021-12-17 11:40:19.556root 11241100x8000000000000000137766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:19.556{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6a12ea170672c7a2021-12-17 11:40:19.556root 11241100x8000000000000000137767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:20.056{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8be54807135ebcfd2021-12-17 11:40:20.056root 11241100x8000000000000000137768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:20.056{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3a2805888f7da452021-12-17 11:40:20.056root 11241100x8000000000000000137769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:20.556{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1ac37a137b141792021-12-17 11:40:20.556root 11241100x8000000000000000137770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:20.556{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e18ca5939c99c5f2021-12-17 11:40:20.556root 11241100x8000000000000000137771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:21.056{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4193cc3747288a8d2021-12-17 11:40:21.056root 11241100x8000000000000000137772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:21.056{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca54eb8db1d5541a2021-12-17 11:40:21.056root 11241100x8000000000000000137773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:21.556{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.350a5c85c98871712021-12-17 11:40:21.556root 11241100x8000000000000000137774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:21.556{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d5fd352d9b03eba2021-12-17 11:40:21.556root 11241100x8000000000000000137775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:22.056{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f83faca007d7f062021-12-17 11:40:22.056root 11241100x8000000000000000137776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:22.056{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00bf169cb2a39b312021-12-17 11:40:22.056root 11241100x8000000000000000137777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:22.556{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7144bf1130eb8f6e2021-12-17 11:40:22.556root 11241100x8000000000000000137778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:22.556{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41815e9b93d147aa2021-12-17 11:40:22.556root 11241100x8000000000000000137779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:23.056{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b85bd7b01bfdf1bd2021-12-17 11:40:23.056root 11241100x8000000000000000137780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:23.056{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a06b6eecc1dbf4d2021-12-17 11:40:23.056root 11241100x8000000000000000137781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:23.556{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e50da522d1ad40162021-12-17 11:40:23.556root 11241100x8000000000000000137782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:23.556{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9a2259904559d802021-12-17 11:40:23.556root 154100x8000000000000000137783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:23.729{ec28ba6a-7727-61bc-98fa-9158f4550000}9409/bin/cp-----cp evil_cron.sh /etc/cron.hourly/evil_cron/tmp/evil_workubuntu{ec28ba6a-70c8-61bc-e803-000000000000}10004no level-{ec28ba6a-70c8-61bc-0864-f69184550000}5342/bin/bash-bashubuntu 534500x8000000000000000137784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:23.730{ec28ba6a-7727-61bc-98fa-9158f4550000}9409/bin/cpubuntu 11241100x8000000000000000137785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:24.056{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15537a392367836a2021-12-17 11:40:24.056root 11241100x8000000000000000137786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:24.056{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e84032bc95a32c22021-12-17 11:40:24.056root 11241100x8000000000000000137787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:24.056{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc8f77e1ccad19f12021-12-17 11:40:24.056root 11241100x8000000000000000137788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:24.056{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eda893c248079b02021-12-17 11:40:24.056root 354300x8000000000000000137789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:24.235{ec28ba6a-70a3-61bc-5175-3a0400000000}5248/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-43268-false10.0.1.12-8000- 11241100x8000000000000000137790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:24.556{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0ce237efbe925d22021-12-17 11:40:24.556root 11241100x8000000000000000137791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:24.556{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1eb9c0c066defa32021-12-17 11:40:24.556root 11241100x8000000000000000137792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:24.556{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a034a813735e245d2021-12-17 11:40:24.556root 11241100x8000000000000000137793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:24.556{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8689f419857efff12021-12-17 11:40:24.556root 11241100x8000000000000000137794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:24.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a1d158449bdde482021-12-17 11:40:24.557root 11241100x8000000000000000137795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:25.056{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57e1591d0af1b76b2021-12-17 11:40:25.056root 11241100x8000000000000000137796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:25.056{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.145f917322e0cb842021-12-17 11:40:25.056root 11241100x8000000000000000137797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:25.056{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6579114e27755f232021-12-17 11:40:25.056root 11241100x8000000000000000137798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:25.056{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be222e408fc4086d2021-12-17 11:40:25.056root 11241100x8000000000000000137799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:25.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b1ae6b3508787992021-12-17 11:40:25.057root 11241100x8000000000000000137800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:25.556{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13c3128da1c2fd1e2021-12-17 11:40:25.556root 11241100x8000000000000000137801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:25.556{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c57c2a423cbd7072021-12-17 11:40:25.556root 11241100x8000000000000000137802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:25.556{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.025f70787c8ada7a2021-12-17 11:40:25.556root 11241100x8000000000000000137803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:25.556{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84801a932124e9e02021-12-17 11:40:25.556root 11241100x8000000000000000137804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:25.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f075fcb7fe5de8792021-12-17 11:40:25.557root 11241100x8000000000000000137805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:26.056{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a75336a8ebb8c3432021-12-17 11:40:26.056root 11241100x8000000000000000137806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:26.056{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33092130fec57ce72021-12-17 11:40:26.056root 11241100x8000000000000000137807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:26.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa614d58ce9f7d332021-12-17 11:40:26.057root 11241100x8000000000000000137808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:26.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a34747711fe44be2021-12-17 11:40:26.057root 11241100x8000000000000000137809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:26.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8454da56dcdea5ab2021-12-17 11:40:26.057root 11241100x8000000000000000137810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:26.556{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5322826abef9e902021-12-17 11:40:26.556root 11241100x8000000000000000137811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:26.556{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.232dc49fbada57ce2021-12-17 11:40:26.556root 11241100x8000000000000000137812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:26.556{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62537e0f4345db182021-12-17 11:40:26.556root 11241100x8000000000000000137813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:26.556{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.862c3d346023dd782021-12-17 11:40:26.556root 11241100x8000000000000000137814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:26.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7af8f5990a9fd8cc2021-12-17 11:40:26.557root 11241100x8000000000000000137815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:27.056{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca28c0200ce622f32021-12-17 11:40:27.056root 11241100x8000000000000000137816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:27.056{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cbbdd851c832cbc2021-12-17 11:40:27.056root 11241100x8000000000000000137817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:27.056{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f963cf415d63546b2021-12-17 11:40:27.056root 11241100x8000000000000000137818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:27.056{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fbac830c41e4cf42021-12-17 11:40:27.056root 11241100x8000000000000000137819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:27.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aef47790a96e46f2021-12-17 11:40:27.057root 154100x8000000000000000137820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:27.441{ec28ba6a-772b-61bc-089e-0e6f63550000}9410/usr/bin/sudo-----sudo cp evil_cron.sh /etc/cron.hourly/evil_cron/tmp/evil_workubuntu{ec28ba6a-70c8-61bc-e803-000000000000}10004no level-{ec28ba6a-70c8-61bc-0864-f69184550000}5342/bin/bash-bashubuntu 11241100x8000000000000000137821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:27.443{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b6b4242e1ceb8ac2021-12-17 11:40:27.443root 11241100x8000000000000000137822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:27.443{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.960e02da7eaa34272021-12-17 11:40:27.443root 11241100x8000000000000000137823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:27.443{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ecc162ae83442992021-12-17 11:40:27.443root 11241100x8000000000000000137824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:27.443{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fa590733bc702f82021-12-17 11:40:27.443root 11241100x8000000000000000137825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:27.444{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3552c574e5ff3e7b2021-12-17 11:40:27.444root 11241100x8000000000000000137826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:27.444{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f832f62b810fec952021-12-17 11:40:27.444root 354300x8000000000000000137827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:27.446{ec28ba6a-772b-61bc-089e-0e6f63550000}9410/usr/bin/sudoubuntuudptruefalse127.0.0.1-44989-false127.0.0.53-53- 354300x8000000000000000137828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:27.446{ec28ba6a-6d68-61bc-c067-fb0d4e560000}2524/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.25-41015-false10.0.0.2-53- 354300x8000000000000000137829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:27.446{ec28ba6a-6d68-61bc-c067-fb0d4e560000}2524/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.25-57397-false10.0.0.2-53- 354300x8000000000000000137830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:27.449{ec28ba6a-6d68-61bc-c067-fb0d4e560000}2524/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-44989- 354300x8000000000000000137831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:27.449{ec28ba6a-772b-61bc-089e-0e6f63550000}9410/usr/bin/sudoubuntuudpfalsefalse127.0.0.53-53-false127.0.0.1-44989- 354300x8000000000000000137832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:27.449{ec28ba6a-772b-61bc-089e-0e6f63550000}9410/usr/bin/sudoubuntuudptruefalse127.0.0.1-43607-false127.0.0.53-53- 354300x8000000000000000137833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:27.450{ec28ba6a-6d68-61bc-c067-fb0d4e560000}2524/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-43607- 154100x8000000000000000137834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:27.456{ec28ba6a-772b-61bc-98aa-0abaeb550000}9411/bin/cp-----cp evil_cron.sh /etc/cron.hourly/evil_cron/tmp/evil_workroot{ec28ba6a-0000-0000-0000-000000000000}04no level-{ec28ba6a-772b-61bc-089e-0e6f63550000}9410/usr/bin/sudosudoubuntu 11241100x8000000000000000137835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:27.457{ec28ba6a-772b-61bc-98aa-0abaeb550000}9411/bin/cp/etc/cron.hourly/evil_cron2021-12-17 11:40:27.457root 534500x8000000000000000137836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:27.458{ec28ba6a-772b-61bc-98aa-0abaeb550000}9411/bin/cproot 534500x8000000000000000137837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:27.458{ec28ba6a-772b-61bc-089e-0e6f63550000}9410/usr/bin/sudoroot 11241100x8000000000000000137838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:27.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c39f86b8953174d2021-12-17 11:40:27.807root 11241100x8000000000000000137839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:27.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d40c4708a3cf35e12021-12-17 11:40:27.807root 11241100x8000000000000000137840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:27.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c845956619382b292021-12-17 11:40:27.807root 11241100x8000000000000000137841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:27.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a681abf99d27c59d2021-12-17 11:40:27.807root 11241100x8000000000000000137842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:27.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8878399e8f3d1faf2021-12-17 11:40:27.807root 11241100x8000000000000000137843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:27.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.977adde885b9e54e2021-12-17 11:40:27.807root 11241100x8000000000000000137844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:27.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.587b1255ea1153b62021-12-17 11:40:27.807root 11241100x8000000000000000137845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:27.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f190ceea59931eef2021-12-17 11:40:27.807root 11241100x8000000000000000137846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:27.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aba4675d7745d71d2021-12-17 11:40:27.807root 11241100x8000000000000000137847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:27.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.456141b1809fd4412021-12-17 11:40:27.807root 11241100x8000000000000000137848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:27.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90054cbc74ce2bbb2021-12-17 11:40:27.807root 11241100x8000000000000000137849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:27.808{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0d8285f7192ecdf2021-12-17 11:40:27.808root 11241100x8000000000000000137850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:27.808{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47a480a5d70914132021-12-17 11:40:27.808root 11241100x8000000000000000137851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:27.808{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14e43562031f153b2021-12-17 11:40:27.808root 11241100x8000000000000000137852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:27.808{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e66dbf6486d931bc2021-12-17 11:40:27.808root 11241100x8000000000000000137853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:27.808{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be0b745acc15f7162021-12-17 11:40:27.808root 11241100x8000000000000000137854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:27.808{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85dc0711e9b6fb9a2021-12-17 11:40:27.808root 11241100x8000000000000000137855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:28.307{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.603281f5cd9aa4e32021-12-17 11:40:28.307root 11241100x8000000000000000137856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:28.307{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.726b74c6f276d5942021-12-17 11:40:28.307root 11241100x8000000000000000137857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:28.307{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c88d17e2f4e812962021-12-17 11:40:28.307root 11241100x8000000000000000137858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:28.307{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77c3739379dc8d692021-12-17 11:40:28.307root 11241100x8000000000000000137859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:28.307{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53bf7046df1139402021-12-17 11:40:28.307root 11241100x8000000000000000137860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:28.307{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ff18280774bad4e2021-12-17 11:40:28.307root 11241100x8000000000000000137861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:28.307{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b81c3907fd5d37af2021-12-17 11:40:28.307root 11241100x8000000000000000137862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:28.307{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee08b941faefbc982021-12-17 11:40:28.307root 11241100x8000000000000000137863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:28.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feae064f864fa3aa2021-12-17 11:40:28.308root 11241100x8000000000000000137864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:28.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dea5bdd7dd49a90d2021-12-17 11:40:28.308root 11241100x8000000000000000137865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:28.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59a04d6e8e4dc1ae2021-12-17 11:40:28.308root 11241100x8000000000000000137866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:28.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d599523e0dd10e852021-12-17 11:40:28.308root 11241100x8000000000000000137867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:28.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02bcaae3addd0cbe2021-12-17 11:40:28.308root 11241100x8000000000000000137868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:28.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6794c6eec4fb421b2021-12-17 11:40:28.308root 11241100x8000000000000000137869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:28.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8493a8908118e9f72021-12-17 11:40:28.308root 11241100x8000000000000000137870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:28.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53ed8f40f442ccb92021-12-17 11:40:28.308root 11241100x8000000000000000137871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:28.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47eacb60075f62c22021-12-17 11:40:28.308root 11241100x8000000000000000137872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:28.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5cbaaee79df5f0a2021-12-17 11:40:28.807root 11241100x8000000000000000137873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:28.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f650525b4218b10f2021-12-17 11:40:28.807root 11241100x8000000000000000137874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:28.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f2055b7bd5aacac2021-12-17 11:40:28.807root 11241100x8000000000000000137875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:28.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dc0d58c3c2ee3f22021-12-17 11:40:28.807root 11241100x8000000000000000137876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:28.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a513ab994cf2fa1a2021-12-17 11:40:28.807root 11241100x8000000000000000137877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:28.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28c71eeba276632c2021-12-17 11:40:28.807root 11241100x8000000000000000137878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:28.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6647aa2125f3a51b2021-12-17 11:40:28.807root 11241100x8000000000000000137879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:28.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59f3eedcb463469f2021-12-17 11:40:28.807root 11241100x8000000000000000137880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:28.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2b18450f2e92d202021-12-17 11:40:28.807root 11241100x8000000000000000137881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:28.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e2d909eae054cd52021-12-17 11:40:28.807root 11241100x8000000000000000137882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:28.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acb291fc918f99f02021-12-17 11:40:28.807root 11241100x8000000000000000137883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:28.808{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38a1e984a83c0d4e2021-12-17 11:40:28.808root 11241100x8000000000000000137884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:28.808{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c437f92e17751cf2021-12-17 11:40:28.808root 11241100x8000000000000000137885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:28.808{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.288db053c1223d932021-12-17 11:40:28.808root 11241100x8000000000000000137886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:28.808{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06c95d43d9c840cf2021-12-17 11:40:28.808root 11241100x8000000000000000137887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:28.808{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4eb088edf083ce82021-12-17 11:40:28.808root 11241100x8000000000000000137888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:28.808{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65670636b79813b02021-12-17 11:40:28.808root 11241100x8000000000000000137889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:29.307{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05917e9a1ca044222021-12-17 11:40:29.307root 11241100x8000000000000000137890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:29.307{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0edbcb049c102c4a2021-12-17 11:40:29.307root 11241100x8000000000000000137891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:29.307{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2e725351cb41ae22021-12-17 11:40:29.307root 11241100x8000000000000000137892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:29.307{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c60a84f9c96627a42021-12-17 11:40:29.307root 11241100x8000000000000000137893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:29.307{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b8c1c698350de8c2021-12-17 11:40:29.307root 11241100x8000000000000000137894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:29.307{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a786edac7b8af4b2021-12-17 11:40:29.307root 11241100x8000000000000000137895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:29.307{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcae2b10a311a8622021-12-17 11:40:29.307root 11241100x8000000000000000137896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:29.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33d7526f6103340b2021-12-17 11:40:29.308root 11241100x8000000000000000137897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:29.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6396d588255fcc52021-12-17 11:40:29.308root 11241100x8000000000000000137898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:29.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.040c4226494cf75e2021-12-17 11:40:29.308root 11241100x8000000000000000137899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:29.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1df02efc7f557b12021-12-17 11:40:29.308root 11241100x8000000000000000137900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:29.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cadec045632bdf02021-12-17 11:40:29.308root 11241100x8000000000000000137901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:29.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad0092cb0a303a612021-12-17 11:40:29.308root 11241100x8000000000000000137902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:29.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e1b34c9616ae7232021-12-17 11:40:29.308root 11241100x8000000000000000137903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:29.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2e15e63c47f0ab72021-12-17 11:40:29.308root 11241100x8000000000000000137904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:29.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51692a2e3be9e2a72021-12-17 11:40:29.308root 11241100x8000000000000000137905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:29.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6fa133c50fd791c2021-12-17 11:40:29.308root 154100x8000000000000000137906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:29.786{ec28ba6a-772d-61bc-68d4-601e60550000}9412/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec28ba6a-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2255--- 11241100x8000000000000000137907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:29.787{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3be15e6a458bcff52021-12-17 11:40:29.787root 11241100x8000000000000000137908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:29.787{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06bd586f6c06646b2021-12-17 11:40:29.787root 11241100x8000000000000000137909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:29.788{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51dd22ab8197ee7c2021-12-17 11:40:29.788root 11241100x8000000000000000137910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:29.788{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1512e9979b78e122021-12-17 11:40:29.788root 11241100x8000000000000000137911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:29.788{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b24259067c8dfef2021-12-17 11:40:29.788root 11241100x8000000000000000137912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:29.788{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.419fa90ed8fb4cc82021-12-17 11:40:29.788root 11241100x8000000000000000137913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:29.788{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cbb308e9f5bc3582021-12-17 11:40:29.788root 11241100x8000000000000000137914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:29.788{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4f7304566e212372021-12-17 11:40:29.788root 11241100x8000000000000000137915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:29.788{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eabfbf2201778d0b2021-12-17 11:40:29.788root 11241100x8000000000000000137916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:29.789{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c061d1ae4b9219c2021-12-17 11:40:29.789root 11241100x8000000000000000137917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:29.789{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c83ead152747cb42021-12-17 11:40:29.789root 11241100x8000000000000000137918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:29.789{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fda57fc8e44072c12021-12-17 11:40:29.789root 11241100x8000000000000000137919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:29.789{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f3af992e08b1c8b2021-12-17 11:40:29.789root 11241100x8000000000000000137920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:29.789{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ce0076c91d396962021-12-17 11:40:29.789root 11241100x8000000000000000137921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:29.789{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f3bba80bc0b09b42021-12-17 11:40:29.789root 11241100x8000000000000000137922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:29.789{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.695c06a8bad932bf2021-12-17 11:40:29.789root 11241100x8000000000000000137923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:29.789{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f527bb187dd816382021-12-17 11:40:29.789root 11241100x8000000000000000137924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:29.789{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13107203e48c5d572021-12-17 11:40:29.789root 11241100x8000000000000000137925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:29.789{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2df0235a717d3fe42021-12-17 11:40:29.789root 11241100x8000000000000000137926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:29.789{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d069c3019564b6d22021-12-17 11:40:29.789root 534500x8000000000000000137927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:29.812{ec28ba6a-772d-61bc-68d4-601e60550000}9412/bin/psroot 11241100x8000000000000000137928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:30.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eafa7a902c86bd42021-12-17 11:40:30.057root 11241100x8000000000000000137929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:30.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.570ad5b705336bc02021-12-17 11:40:30.057root 11241100x8000000000000000137930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:30.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e62dc4b915fa7d52021-12-17 11:40:30.057root 11241100x8000000000000000137931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:30.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a9a0283fc4ce5742021-12-17 11:40:30.057root 11241100x8000000000000000137932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:30.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af65d679d1301d6a2021-12-17 11:40:30.057root 11241100x8000000000000000137933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:30.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5d9567dec57770f2021-12-17 11:40:30.057root 11241100x8000000000000000137934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:30.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b92065b5976d6832021-12-17 11:40:30.057root 11241100x8000000000000000137935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:30.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2acda13bf2de6fec2021-12-17 11:40:30.057root 11241100x8000000000000000137936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:30.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.296ac30bf59522eb2021-12-17 11:40:30.057root 11241100x8000000000000000137937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:30.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70f846cfe820c7982021-12-17 11:40:30.057root 11241100x8000000000000000137938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:30.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fea4e7336fdbcf462021-12-17 11:40:30.058root 11241100x8000000000000000137939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:30.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7ce1182b7a4852a2021-12-17 11:40:30.058root 11241100x8000000000000000137940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:30.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4d5527990ebfa752021-12-17 11:40:30.058root 11241100x8000000000000000137941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:30.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dcf4048fc1e12e82021-12-17 11:40:30.058root 11241100x8000000000000000137942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:30.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02412809b50df9e72021-12-17 11:40:30.058root 11241100x8000000000000000137943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:30.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9854bfe8364c63b02021-12-17 11:40:30.058root 11241100x8000000000000000137944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:30.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5707c2b34f20c5432021-12-17 11:40:30.058root 11241100x8000000000000000137945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:30.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d86e06cc3afc1ef02021-12-17 11:40:30.058root 11241100x8000000000000000137946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:30.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ff8c085382b76cc2021-12-17 11:40:30.058root 11241100x8000000000000000137947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:30.184{ec28ba6a-709b-61bc-30d8-78dfe0550000}5175/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-17 11:40:30.184root 354300x8000000000000000137948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:30.213{ec28ba6a-70a3-61bc-5175-3a0400000000}5248/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-43270-false10.0.1.12-8000- 354300x8000000000000000137949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:30.378{ec28ba6a-709b-61bc-30d8-78dfe0550000}5175/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-40418-false10.0.1.12-8089- 11241100x8000000000000000137950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:30.379{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42505c8641af8cf82021-12-17 11:40:30.379root 11241100x8000000000000000137951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:30.379{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.952d42574681372a2021-12-17 11:40:30.379root 11241100x8000000000000000137952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:30.379{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cae729baf1f985d92021-12-17 11:40:30.379root 11241100x8000000000000000137953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:30.379{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ff20eab5bea86f32021-12-17 11:40:30.379root 11241100x8000000000000000137954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:30.379{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bb478f7786829e92021-12-17 11:40:30.379root 11241100x8000000000000000137955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:30.379{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea50073616dc81aa2021-12-17 11:40:30.379root 11241100x8000000000000000137956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:30.380{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce331ed4afe2cf272021-12-17 11:40:30.380root 11241100x8000000000000000137957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:30.380{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f2cb237b3ba2c122021-12-17 11:40:30.380root 11241100x8000000000000000137958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:30.380{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec3de1a1d8af6e272021-12-17 11:40:30.380root 11241100x8000000000000000137959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:30.380{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cec3d0a7f6e3ffd82021-12-17 11:40:30.380root 11241100x8000000000000000137960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:30.380{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.970340fe37d38cd62021-12-17 11:40:30.380root 11241100x8000000000000000137961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:30.380{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f583bc2a88760952021-12-17 11:40:30.380root 11241100x8000000000000000137962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:30.380{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2523a0573abf83a2021-12-17 11:40:30.380root 11241100x8000000000000000137963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:30.380{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99d4baa7aa282efb2021-12-17 11:40:30.380root 11241100x8000000000000000137964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:30.381{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7674c2c622a868442021-12-17 11:40:30.381root 11241100x8000000000000000137965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:30.381{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ec8187efc05e2252021-12-17 11:40:30.381root 11241100x8000000000000000137966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:30.381{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce94c10557992f3e2021-12-17 11:40:30.381root 11241100x8000000000000000137967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:30.381{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9bb65eebc6667fa2021-12-17 11:40:30.381root 11241100x8000000000000000137968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:30.381{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e18881d182fe05b2021-12-17 11:40:30.381root 11241100x8000000000000000137969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:30.381{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b7482900ed5c9672021-12-17 11:40:30.381root 11241100x8000000000000000137970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:30.381{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46b01521997b9def2021-12-17 11:40:30.381root 11241100x8000000000000000137971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:30.381{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f271433a57b4ffc2021-12-17 11:40:30.381root 11241100x8000000000000000137972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:30.381{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcb3f469f363d86c2021-12-17 11:40:30.381root 11241100x8000000000000000137973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:30.381{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13c2d8e2f4811aa02021-12-17 11:40:30.381root 11241100x8000000000000000137974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:30.381{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11557b6abeaf9f1d2021-12-17 11:40:30.381root 11241100x8000000000000000137975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:30.382{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.735030c75be3bd7c2021-12-17 11:40:30.382root 11241100x8000000000000000137976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:30.382{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8441cb9136ca8062021-12-17 11:40:30.382root 11241100x8000000000000000137977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:30.382{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f733a1571174a2e2021-12-17 11:40:30.382root 11241100x8000000000000000137978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:30.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d658ed11603c89b2021-12-17 11:40:30.807root 11241100x8000000000000000137979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:30.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b6d6d842e49cc162021-12-17 11:40:30.807root 11241100x8000000000000000137980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:30.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23274239d89df4732021-12-17 11:40:30.807root 11241100x8000000000000000137981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:30.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1163afc92f9c4ca2021-12-17 11:40:30.807root 11241100x8000000000000000137982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:30.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1a8c6fe85c90fbb2021-12-17 11:40:30.807root 11241100x8000000000000000137983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:30.808{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f616155418661a62021-12-17 11:40:30.808root 11241100x8000000000000000137984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:30.808{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61b474a0063f858d2021-12-17 11:40:30.808root 11241100x8000000000000000137985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:30.808{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28ba6626911eefa32021-12-17 11:40:30.808root 11241100x8000000000000000137986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:30.808{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63dc2b0c0949b9e02021-12-17 11:40:30.808root 11241100x8000000000000000137987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:30.808{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53a27a2dd7074f8d2021-12-17 11:40:30.808root 11241100x8000000000000000137988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:30.808{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f57245d80b0f8b732021-12-17 11:40:30.808root 11241100x8000000000000000137989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:30.808{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.359035848f48b3b42021-12-17 11:40:30.808root 11241100x8000000000000000137990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:30.808{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbf481a60f9ce9ba2021-12-17 11:40:30.808root 11241100x8000000000000000137991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:30.808{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20e341dbb640d2862021-12-17 11:40:30.808root 11241100x8000000000000000137992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:30.808{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4ffabd1e74be1d62021-12-17 11:40:30.808root 11241100x8000000000000000137993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:30.809{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b5d291fc258c58c2021-12-17 11:40:30.809root 11241100x8000000000000000137994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:30.809{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1a8432f6366737f2021-12-17 11:40:30.809root 11241100x8000000000000000137995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:30.809{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.305f60732de1f7c42021-12-17 11:40:30.809root 11241100x8000000000000000137996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:30.809{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4339dbb7d392a7c72021-12-17 11:40:30.809root 11241100x8000000000000000137997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:30.809{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24d166257c77dbbe2021-12-17 11:40:30.809root 11241100x8000000000000000137998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:30.809{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b61625872d012b32021-12-17 11:40:30.809root 11241100x8000000000000000137999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:30.809{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dad1868ee966dae72021-12-17 11:40:30.809root 11241100x8000000000000000138000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:31.307{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc65521f86eddc252021-12-17 11:40:31.307root 11241100x8000000000000000138001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:31.307{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d427fc23c4ce1cb2021-12-17 11:40:31.307root 11241100x8000000000000000138002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:31.307{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.137fd185ef02a7c52021-12-17 11:40:31.307root 11241100x8000000000000000138003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:31.307{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b5013564ebe42712021-12-17 11:40:31.307root 11241100x8000000000000000138004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:31.307{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8275e01fb274bd8e2021-12-17 11:40:31.307root 11241100x8000000000000000138005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:31.307{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40d98ab40dde59742021-12-17 11:40:31.307root 11241100x8000000000000000138006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:31.307{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b27f5010c1168e12021-12-17 11:40:31.307root 11241100x8000000000000000138007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:31.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bc3255e118d23fe2021-12-17 11:40:31.308root 11241100x8000000000000000138008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:31.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74d8a91ff95594d22021-12-17 11:40:31.308root 11241100x8000000000000000138009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:31.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85e928c2675a6d1f2021-12-17 11:40:31.308root 11241100x8000000000000000138010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:31.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da27449020803d012021-12-17 11:40:31.308root 11241100x8000000000000000138011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:31.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b9dc684cb6d8fe62021-12-17 11:40:31.308root 11241100x8000000000000000138012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:31.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d55aeb641f21db532021-12-17 11:40:31.308root 11241100x8000000000000000138013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:31.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0749fb61143143f22021-12-17 11:40:31.308root 11241100x8000000000000000138014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:31.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49a974bf7a86c8502021-12-17 11:40:31.308root 11241100x8000000000000000138015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:31.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57ea270e41201cf12021-12-17 11:40:31.308root 11241100x8000000000000000138016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:31.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64e88ad1c3e2e4532021-12-17 11:40:31.308root 11241100x8000000000000000138017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:31.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f001124293e263162021-12-17 11:40:31.308root 11241100x8000000000000000138018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:31.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e13d55454cbeba62021-12-17 11:40:31.308root 11241100x8000000000000000138019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:31.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cac8648bb9ee661e2021-12-17 11:40:31.308root 11241100x8000000000000000138020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:31.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8270f172135bf6b2021-12-17 11:40:31.308root 11241100x8000000000000000138021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:31.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5077621014023cd92021-12-17 11:40:31.308root 11241100x8000000000000000138022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:31.806{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74d81194368f6fb32021-12-17 11:40:31.806root 11241100x8000000000000000138023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:31.806{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7aa7dcc747f0e692021-12-17 11:40:31.806root 11241100x8000000000000000138024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:31.806{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.543b5566be7e53732021-12-17 11:40:31.806root 11241100x8000000000000000138025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:31.806{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24518eaa3278085c2021-12-17 11:40:31.806root 11241100x8000000000000000138026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:31.806{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d83d996f4afa73b32021-12-17 11:40:31.806root 11241100x8000000000000000138027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:31.806{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85ffc6c72d5049232021-12-17 11:40:31.806root 11241100x8000000000000000138028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:31.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1238dd747b1749c32021-12-17 11:40:31.807root 11241100x8000000000000000138029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:31.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c06cdec862604f012021-12-17 11:40:31.807root 11241100x8000000000000000138030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:31.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d8c98ff91d6b7c12021-12-17 11:40:31.807root 11241100x8000000000000000138031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:31.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53c4c1c3069761142021-12-17 11:40:31.807root 11241100x8000000000000000138032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:31.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5fc7deff8df8b6a2021-12-17 11:40:31.807root 11241100x8000000000000000138033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:31.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d3d08792ae3ecec2021-12-17 11:40:31.807root 11241100x8000000000000000138034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:31.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb3b74ad4ad266202021-12-17 11:40:31.807root 11241100x8000000000000000138035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:31.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bff478980c58598c2021-12-17 11:40:31.807root 11241100x8000000000000000138036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:31.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a7dc48e82db01512021-12-17 11:40:31.807root 11241100x8000000000000000138037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:31.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.588375a9dae598e92021-12-17 11:40:31.807root 11241100x8000000000000000138038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:31.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c19823a0a2af92632021-12-17 11:40:31.807root 11241100x8000000000000000138039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:31.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a25cff7a22f1d812021-12-17 11:40:31.807root 11241100x8000000000000000138040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:31.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2235ec05d438ffa82021-12-17 11:40:31.807root 11241100x8000000000000000138041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:31.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df00cb71463abb7f2021-12-17 11:40:31.807root 11241100x8000000000000000138042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:31.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2092187eff79140c2021-12-17 11:40:31.807root 11241100x8000000000000000138043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:31.808{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8567ce4df9eeff22021-12-17 11:40:31.808root 11241100x8000000000000000138044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:31.808{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.665f0c83d9a82d8d2021-12-17 11:40:31.808root 11241100x8000000000000000138045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:32.307{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fc935915ef667842021-12-17 11:40:32.307root 11241100x8000000000000000138046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:32.307{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d28e743791166f222021-12-17 11:40:32.307root 11241100x8000000000000000138047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:32.307{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b25d8ddfb3e3ba32021-12-17 11:40:32.307root 11241100x8000000000000000138048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:32.307{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e23df2ff5d2b87042021-12-17 11:40:32.307root 11241100x8000000000000000138049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:32.307{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2e9093117e2feca2021-12-17 11:40:32.307root 11241100x8000000000000000138050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:32.307{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a57734358ff97e82021-12-17 11:40:32.307root 11241100x8000000000000000138051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:32.307{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5616ab4a6587bc4d2021-12-17 11:40:32.307root 11241100x8000000000000000138052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:32.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ba926875b83c5e92021-12-17 11:40:32.308root 11241100x8000000000000000138053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:32.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e716dac812214c42021-12-17 11:40:32.308root 11241100x8000000000000000138054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:32.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a12a5e1af4b4e952021-12-17 11:40:32.308root 11241100x8000000000000000138055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:32.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76e309e36f961c5d2021-12-17 11:40:32.308root 11241100x8000000000000000138056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:32.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6677dcebdd4cb5e2021-12-17 11:40:32.308root 11241100x8000000000000000138057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:32.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f8662abf0fcf43e2021-12-17 11:40:32.308root 11241100x8000000000000000138058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:32.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90f508e2e704c0f62021-12-17 11:40:32.308root 11241100x8000000000000000138059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:32.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.932958c30892949e2021-12-17 11:40:32.308root 11241100x8000000000000000138060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:32.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d15d9879cc7346682021-12-17 11:40:32.308root 11241100x8000000000000000138061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:32.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7c9bebc58a424a62021-12-17 11:40:32.308root 11241100x8000000000000000138062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:32.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c533aaa5e4e1952a2021-12-17 11:40:32.308root 11241100x8000000000000000138063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:32.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fad6ee6710caeaf2021-12-17 11:40:32.308root 11241100x8000000000000000138064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:32.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96ee99831f5c15112021-12-17 11:40:32.308root 11241100x8000000000000000138065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:32.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85da827f7b0d533d2021-12-17 11:40:32.308root 11241100x8000000000000000138066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:32.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03df184a8440b81c2021-12-17 11:40:32.308root 11241100x8000000000000000138067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:32.806{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33c795a7d13dfaf82021-12-17 11:40:32.806root 11241100x8000000000000000138068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:32.806{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d74b2a15c86647742021-12-17 11:40:32.806root 11241100x8000000000000000138069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:32.806{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e4669fe2abe454c2021-12-17 11:40:32.806root 11241100x8000000000000000138070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:32.806{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1976aede2a0bbd92021-12-17 11:40:32.806root 11241100x8000000000000000138071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:32.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3565dc8b073179f62021-12-17 11:40:32.807root 11241100x8000000000000000138072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:32.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e32497d65d9b6ece2021-12-17 11:40:32.807root 11241100x8000000000000000138073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:32.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0316731358d319d2021-12-17 11:40:32.807root 11241100x8000000000000000138074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:32.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f78092a90306fc52021-12-17 11:40:32.807root 11241100x8000000000000000138075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:32.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8e7becb8d42712a2021-12-17 11:40:32.807root 11241100x8000000000000000138076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:32.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e36d067c240b0dee2021-12-17 11:40:32.807root 11241100x8000000000000000138077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:32.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26ec5eacb1b6bc7e2021-12-17 11:40:32.807root 11241100x8000000000000000138078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:32.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aec7787689cbeb82021-12-17 11:40:32.807root 11241100x8000000000000000138079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:32.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75f8c28e504d81562021-12-17 11:40:32.807root 11241100x8000000000000000138080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:32.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45750bd9b5eb191b2021-12-17 11:40:32.807root 11241100x8000000000000000138081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:32.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff2474a8061960302021-12-17 11:40:32.807root 11241100x8000000000000000138082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:32.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b94101665999e862021-12-17 11:40:32.807root 11241100x8000000000000000138083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:32.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58d629f6b619e6b92021-12-17 11:40:32.807root 11241100x8000000000000000138084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:32.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.819a8924fb9ead792021-12-17 11:40:32.807root 11241100x8000000000000000138085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:32.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0399a8f683e79aca2021-12-17 11:40:32.807root 11241100x8000000000000000138086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:32.808{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebd90d2ef1a8286e2021-12-17 11:40:32.808root 11241100x8000000000000000138087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:32.808{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4269af6ff862b01d2021-12-17 11:40:32.808root 11241100x8000000000000000138088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:32.808{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.465f3a2aeafaf6142021-12-17 11:40:32.808root 23542300x8000000000000000138089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:33.193{ec28ba6a-709b-61bc-30d8-78dfe0550000}5175root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000138090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:33.194{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b4d6ba1265555592021-12-17 11:40:33.194root 11241100x8000000000000000138091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:33.194{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5eebed1bd9f6bd22021-12-17 11:40:33.194root 11241100x8000000000000000138092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:33.194{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bdcf8467b20b78c2021-12-17 11:40:33.194root 11241100x8000000000000000138093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:33.194{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eacc7082a8271082021-12-17 11:40:33.194root 11241100x8000000000000000138094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:33.194{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac851246dff9675f2021-12-17 11:40:33.194root 11241100x8000000000000000138095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:33.194{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d53fbb6812987ef2021-12-17 11:40:33.194root 11241100x8000000000000000138096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:33.194{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f55705aec90974072021-12-17 11:40:33.194root 11241100x8000000000000000138097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:33.195{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d4d78db4b4d64082021-12-17 11:40:33.195root 11241100x8000000000000000138098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:33.195{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1dc6c0f127ebeb32021-12-17 11:40:33.195root 11241100x8000000000000000138099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:33.195{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c578ab8c7ba514d52021-12-17 11:40:33.195root 11241100x8000000000000000138100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:33.195{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5fbc0a16884c0832021-12-17 11:40:33.195root 11241100x8000000000000000138101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:33.195{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.136d3ea030c318b92021-12-17 11:40:33.195root 11241100x8000000000000000138102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:33.195{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58d5c702ef0215b52021-12-17 11:40:33.195root 11241100x8000000000000000138103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:33.195{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c893f90ebb4d1d1c2021-12-17 11:40:33.195root 11241100x8000000000000000138104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:33.195{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.720bbdcb4f3765f82021-12-17 11:40:33.195root 11241100x8000000000000000138105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:33.195{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09d41424e25e6b322021-12-17 11:40:33.195root 11241100x8000000000000000138106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:33.195{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3658248841c9ed7c2021-12-17 11:40:33.195root 11241100x8000000000000000138107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:33.196{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cafaa8a2055fb3a2021-12-17 11:40:33.196root 11241100x8000000000000000138108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:33.196{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4356c8bd1de0c4ad2021-12-17 11:40:33.196root 11241100x8000000000000000138109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:33.196{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2114686aac44c172021-12-17 11:40:33.196root 11241100x8000000000000000138110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:33.196{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0340c57659ed05d2021-12-17 11:40:33.196root 11241100x8000000000000000138111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:33.196{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61ba9a356e9918492021-12-17 11:40:33.196root 11241100x8000000000000000138112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:33.196{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85fe904af5d6ecef2021-12-17 11:40:33.196root 11241100x8000000000000000138113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:33.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acd348667daeb2df2021-12-17 11:40:33.557root 11241100x8000000000000000138114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:33.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73ce03ba151133b12021-12-17 11:40:33.557root 11241100x8000000000000000138115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:33.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a5ecba0cc983bb42021-12-17 11:40:33.557root 11241100x8000000000000000138116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:33.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abfea217bf3b32732021-12-17 11:40:33.557root 11241100x8000000000000000138117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:33.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84c3990834369a482021-12-17 11:40:33.557root 11241100x8000000000000000138118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:33.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8467cadeaba3c3cd2021-12-17 11:40:33.557root 11241100x8000000000000000138119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:33.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.226e2d9f8706fe842021-12-17 11:40:33.557root 11241100x8000000000000000138120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:33.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98690a6e50aa1e942021-12-17 11:40:33.558root 11241100x8000000000000000138121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:33.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2da11e610fe18e42021-12-17 11:40:33.558root 11241100x8000000000000000138122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:33.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa645bd02a47516e2021-12-17 11:40:33.558root 11241100x8000000000000000138123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:33.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28710daaf5b340302021-12-17 11:40:33.558root 11241100x8000000000000000138124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:33.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faa2848d6c755ab12021-12-17 11:40:33.558root 11241100x8000000000000000138125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:33.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.441b76670baa9d412021-12-17 11:40:33.558root 11241100x8000000000000000138126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:33.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f82294bcdb21cfe2021-12-17 11:40:33.558root 11241100x8000000000000000138127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:33.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9790160aa8506f72021-12-17 11:40:33.558root 11241100x8000000000000000138128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:33.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47e511b18c6f43142021-12-17 11:40:33.558root 11241100x8000000000000000138129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:33.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.577d140b762280262021-12-17 11:40:33.558root 11241100x8000000000000000138130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:33.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8da9265dd5d2c50c2021-12-17 11:40:33.558root 11241100x8000000000000000138131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:33.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e16389133d479062021-12-17 11:40:33.558root 11241100x8000000000000000138132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:33.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01f7f422f8e029272021-12-17 11:40:33.558root 11241100x8000000000000000138133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:33.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d16c68199a4028b2021-12-17 11:40:33.558root 11241100x8000000000000000138134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:33.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6139614f50ccf282021-12-17 11:40:33.558root 11241100x8000000000000000138135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:33.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96bae88244f4a1be2021-12-17 11:40:33.559root 11241100x8000000000000000138136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:34.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8bc19e252082a2b2021-12-17 11:40:34.057root 11241100x8000000000000000138137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:34.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbf3a07d0691edd12021-12-17 11:40:34.057root 11241100x8000000000000000138138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:34.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b715fcf3afbb2e982021-12-17 11:40:34.057root 11241100x8000000000000000138139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:34.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb18228db2804c232021-12-17 11:40:34.057root 11241100x8000000000000000138140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:34.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7865832a8d6b59c2021-12-17 11:40:34.057root 11241100x8000000000000000138141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:34.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02a722cd329109b82021-12-17 11:40:34.057root 11241100x8000000000000000138142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:34.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0268cee9211c49362021-12-17 11:40:34.057root 11241100x8000000000000000138143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:34.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fe5974016b9668a2021-12-17 11:40:34.058root 11241100x8000000000000000138144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:34.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57fc3c284c3a67102021-12-17 11:40:34.058root 11241100x8000000000000000138145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:34.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dec69f172c170362021-12-17 11:40:34.058root 11241100x8000000000000000138146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:34.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f56d227eca0a64992021-12-17 11:40:34.058root 11241100x8000000000000000138147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:34.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dfadcd257799ca32021-12-17 11:40:34.058root 11241100x8000000000000000138148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:34.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b72ae266b2d84ba2021-12-17 11:40:34.058root 11241100x8000000000000000138149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:34.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd555789d45851212021-12-17 11:40:34.058root 11241100x8000000000000000138150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:34.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a828a31f0d1494462021-12-17 11:40:34.058root 11241100x8000000000000000138151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:34.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a55b73773f0fc932021-12-17 11:40:34.058root 11241100x8000000000000000138152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:34.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd5749cb95f0d7252021-12-17 11:40:34.058root 11241100x8000000000000000138153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:34.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7146de7c2ddd4182021-12-17 11:40:34.058root 11241100x8000000000000000138154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:34.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba29fec2b45264262021-12-17 11:40:34.058root 11241100x8000000000000000138155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:34.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5af9ddad79586e32021-12-17 11:40:34.058root 11241100x8000000000000000138156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:34.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d6dd17a66dc97202021-12-17 11:40:34.058root 11241100x8000000000000000138157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:34.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20c2c90b191b3d422021-12-17 11:40:34.058root 11241100x8000000000000000138158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:34.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d3bb2ec70d38d772021-12-17 11:40:34.059root 154100x8000000000000000138159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:34.202{ec28ba6a-7732-61bc-08ae-46902d560000}9413/usr/bin/sudo-----sudo cp evil_cron.sh /etc/cron.weekly/evil_cron/tmp/evil_workubuntu{ec28ba6a-70c8-61bc-e803-000000000000}10004no level-{ec28ba6a-70c8-61bc-0864-f69184550000}5342/bin/bash-bashubuntu 354300x8000000000000000138160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:34.206{ec28ba6a-7732-61bc-08ae-46902d560000}9413/usr/bin/sudoubuntuudptruefalse127.0.0.1-60801-false127.0.0.53-53- 354300x8000000000000000138161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:34.206{ec28ba6a-6d68-61bc-c067-fb0d4e560000}2524/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.25-52637-false10.0.0.2-53- 354300x8000000000000000138162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:34.206{ec28ba6a-6d68-61bc-c067-fb0d4e560000}2524/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.25-33202-false10.0.0.2-53- 354300x8000000000000000138163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:34.206{ec28ba6a-6d68-61bc-c067-fb0d4e560000}2524/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-60801- 354300x8000000000000000138164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:34.207{ec28ba6a-6d68-61bc-c067-fb0d4e560000}2524/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-34014- 354300x8000000000000000138165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:34.207{ec28ba6a-7732-61bc-08ae-46902d560000}9413/usr/bin/sudoubuntuudptruefalse127.0.0.1-34014-false127.0.0.53-53- 154100x8000000000000000138166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:34.210{ec28ba6a-7732-61bc-989a-fefc6a550000}9414/bin/cp-----cp evil_cron.sh /etc/cron.weekly/evil_cron/tmp/evil_workroot{ec28ba6a-0000-0000-0000-000000000000}04no level-{ec28ba6a-7732-61bc-08ae-46902d560000}9413/usr/bin/sudosudoubuntu 11241100x8000000000000000138167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:34.211{ec28ba6a-7732-61bc-989a-fefc6a550000}9414/bin/cp/etc/cron.weekly/evil_cron2021-12-17 11:40:34.211root 534500x8000000000000000138168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:34.212{ec28ba6a-7732-61bc-989a-fefc6a550000}9414/bin/cproot 534500x8000000000000000138169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:34.213{ec28ba6a-7732-61bc-08ae-46902d560000}9413/usr/bin/sudoroot 11241100x8000000000000000138170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:34.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.282c6289fed17d2b2021-12-17 11:40:34.557root 11241100x8000000000000000138171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:34.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6011a60e54e1fb772021-12-17 11:40:34.558root 11241100x8000000000000000138172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:34.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.600982d24e26f8892021-12-17 11:40:34.558root 11241100x8000000000000000138173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:34.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dc24605f9dbe13c2021-12-17 11:40:34.558root 11241100x8000000000000000138174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:34.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.188162e1526334aa2021-12-17 11:40:34.558root 11241100x8000000000000000138175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:34.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5fffce98f1d44db2021-12-17 11:40:34.558root 11241100x8000000000000000138176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:34.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9d341dffd8e2ee22021-12-17 11:40:34.558root 11241100x8000000000000000138177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:34.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb542732f83970b12021-12-17 11:40:34.558root 11241100x8000000000000000138178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:34.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1d8417df813e80f2021-12-17 11:40:34.558root 11241100x8000000000000000138179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:34.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f013fee9555c0982021-12-17 11:40:34.558root 11241100x8000000000000000138180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:34.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f40eb43a8cfc5e9c2021-12-17 11:40:34.558root 11241100x8000000000000000138181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:34.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17b54b37ecac70682021-12-17 11:40:34.558root 11241100x8000000000000000138182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:34.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a375d389238eca82021-12-17 11:40:34.558root 11241100x8000000000000000138183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:34.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ae4c724166a04972021-12-17 11:40:34.559root 11241100x8000000000000000138184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:34.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.693a181aa368466f2021-12-17 11:40:34.559root 11241100x8000000000000000138185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:34.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e311e2a8e02de8dd2021-12-17 11:40:34.559root 11241100x8000000000000000138186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:34.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1695f0abd9e3441d2021-12-17 11:40:34.559root 11241100x8000000000000000138187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:34.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc8c3dc21e9751382021-12-17 11:40:34.559root 11241100x8000000000000000138188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:34.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaba994bf208102c2021-12-17 11:40:34.559root 11241100x8000000000000000138189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:34.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c91bfe9ee075fca2021-12-17 11:40:34.559root 11241100x8000000000000000138190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:34.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d9ecdcf8d060a1b2021-12-17 11:40:34.559root 11241100x8000000000000000138191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:34.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c714eb976b27d4b42021-12-17 11:40:34.559root 11241100x8000000000000000138192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:34.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15b4dece553a54bd2021-12-17 11:40:34.559root 11241100x8000000000000000138193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:34.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61470fcd65064c442021-12-17 11:40:34.560root 11241100x8000000000000000138194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:34.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73a52cfab92263e72021-12-17 11:40:34.560root 11241100x8000000000000000138195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:34.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cf6dd5051ac167d2021-12-17 11:40:34.560root 11241100x8000000000000000138196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:34.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.730d1d854377f0952021-12-17 11:40:34.560root 11241100x8000000000000000138197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:34.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de7ff0f064ff51452021-12-17 11:40:34.560root 11241100x8000000000000000138198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:34.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71b1c36d3b0317582021-12-17 11:40:34.560root 11241100x8000000000000000138199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:34.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e382ba8be8e491322021-12-17 11:40:34.560root 11241100x8000000000000000138200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:34.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8db52f8df85bad52021-12-17 11:40:34.560root 11241100x8000000000000000138201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:34.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a74eb22f3cbc0c112021-12-17 11:40:34.560root 11241100x8000000000000000138202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:34.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8e0e5041cd9e8b42021-12-17 11:40:34.560root 11241100x8000000000000000138203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:34.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70e3978967f7d6d72021-12-17 11:40:34.561root 11241100x8000000000000000138204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:35.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43c3e98a4b77d6762021-12-17 11:40:35.057root 11241100x8000000000000000138205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:35.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.832b140190b144b52021-12-17 11:40:35.058root 11241100x8000000000000000138206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:35.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a25609ea95d5c2e2021-12-17 11:40:35.058root 11241100x8000000000000000138207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:35.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.328de19154ba907d2021-12-17 11:40:35.058root 11241100x8000000000000000138208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:35.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c843741254c1f6d12021-12-17 11:40:35.058root 11241100x8000000000000000138209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:35.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.520aa4019ed34c922021-12-17 11:40:35.058root 11241100x8000000000000000138210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:35.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05e1688cd23c008b2021-12-17 11:40:35.058root 11241100x8000000000000000138211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:35.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4cd0e7227811f552021-12-17 11:40:35.058root 11241100x8000000000000000138212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:35.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df26eb0fef03a2442021-12-17 11:40:35.058root 11241100x8000000000000000138213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:35.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47890258bf14848f2021-12-17 11:40:35.058root 11241100x8000000000000000138214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:35.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7138e684201df0462021-12-17 11:40:35.058root 11241100x8000000000000000138215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:35.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a147cb629d15cb0a2021-12-17 11:40:35.058root 11241100x8000000000000000138216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:35.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95d1f82d5c5af7ed2021-12-17 11:40:35.058root 11241100x8000000000000000138217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:35.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f893fa8dc691f582021-12-17 11:40:35.059root 11241100x8000000000000000138218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:35.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2673e5075fdfd3c52021-12-17 11:40:35.059root 11241100x8000000000000000138219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:35.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8d5e35c55a5ebfe2021-12-17 11:40:35.059root 11241100x8000000000000000138220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:35.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbe97f6a8685b9b02021-12-17 11:40:35.059root 11241100x8000000000000000138221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:35.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f4813fa5cf7e69f2021-12-17 11:40:35.059root 11241100x8000000000000000138222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:35.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74e6025a16cf58242021-12-17 11:40:35.059root 11241100x8000000000000000138223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:35.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1693c22d2c5b03ec2021-12-17 11:40:35.059root 11241100x8000000000000000138224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:35.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59b8ddf7a90fbd0d2021-12-17 11:40:35.059root 11241100x8000000000000000138225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:35.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0b18168f8ffbac72021-12-17 11:40:35.059root 11241100x8000000000000000138226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:35.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20bf82ca5bfdeaf12021-12-17 11:40:35.059root 11241100x8000000000000000138227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:35.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f75a71f0dda31ba2021-12-17 11:40:35.059root 11241100x8000000000000000138228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:35.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58fb35fbedce76f62021-12-17 11:40:35.059root 11241100x8000000000000000138229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:35.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7bbf5f8c7f62c082021-12-17 11:40:35.059root 11241100x8000000000000000138230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:35.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a589118a4d18e8032021-12-17 11:40:35.059root 11241100x8000000000000000138231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:35.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e64491408be2daf2021-12-17 11:40:35.059root 11241100x8000000000000000138232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:35.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8b7f448d6dc5ac12021-12-17 11:40:35.060root 11241100x8000000000000000138233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:35.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e148cd401f522c42021-12-17 11:40:35.060root 11241100x8000000000000000138234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:35.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b19f20bca9f70242021-12-17 11:40:35.060root 11241100x8000000000000000138235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:35.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72a3c7ff1f1321ee2021-12-17 11:40:35.060root 11241100x8000000000000000138236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:35.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e267334653ba4ee02021-12-17 11:40:35.060root 11241100x8000000000000000138237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:35.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3f18b5955bd12492021-12-17 11:40:35.060root 11241100x8000000000000000138238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:35.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63f20f72c6b445b62021-12-17 11:40:35.558root 11241100x8000000000000000138239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:35.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.072d4e91e0f91e262021-12-17 11:40:35.558root 11241100x8000000000000000138240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:35.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10b989dd671f8d722021-12-17 11:40:35.558root 11241100x8000000000000000138241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:35.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1658f620b4b4758e2021-12-17 11:40:35.558root 11241100x8000000000000000138242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:35.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b178917525c87f02021-12-17 11:40:35.558root 11241100x8000000000000000138243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:35.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0f31429768d983f2021-12-17 11:40:35.558root 11241100x8000000000000000138244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:35.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.352eaccc361c178a2021-12-17 11:40:35.558root 11241100x8000000000000000138245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:35.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2cf1919ed6407732021-12-17 11:40:35.558root 11241100x8000000000000000138246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:35.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a58401ac0c9c12d02021-12-17 11:40:35.558root 11241100x8000000000000000138247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:35.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96c3a2cecbbc669e2021-12-17 11:40:35.559root 11241100x8000000000000000138248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:35.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.550f00b3466b5ab22021-12-17 11:40:35.559root 11241100x8000000000000000138249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:35.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fca428ff36ac3a8e2021-12-17 11:40:35.559root 11241100x8000000000000000138250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:35.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.924e484ed9b3842e2021-12-17 11:40:35.559root 11241100x8000000000000000138251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:35.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a956617e296295882021-12-17 11:40:35.559root 11241100x8000000000000000138252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:35.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03f88d8f784ab1952021-12-17 11:40:35.559root 11241100x8000000000000000138253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:35.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a6c644240e5154c2021-12-17 11:40:35.559root 11241100x8000000000000000138254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:35.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fed1ff6579d9f142021-12-17 11:40:35.559root 11241100x8000000000000000138255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:35.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.669fe47d00f77dbd2021-12-17 11:40:35.559root 11241100x8000000000000000138256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:35.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cc97f7f07d146602021-12-17 11:40:35.559root 11241100x8000000000000000138257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:35.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.719c3874743dd3652021-12-17 11:40:35.559root 11241100x8000000000000000138258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:35.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ed1fbc35ff0d9c42021-12-17 11:40:35.559root 11241100x8000000000000000138259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:35.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4051f072eae9278d2021-12-17 11:40:35.559root 11241100x8000000000000000138260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:35.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35ca10b5fb76be022021-12-17 11:40:35.559root 11241100x8000000000000000138261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:35.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6bfe93f796e096d2021-12-17 11:40:35.559root 11241100x8000000000000000138262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:35.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcd96c61f8f7385a2021-12-17 11:40:35.560root 11241100x8000000000000000138263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:35.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24605b3d8dff668f2021-12-17 11:40:35.560root 11241100x8000000000000000138264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:35.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4f711c1f72ba79c2021-12-17 11:40:35.560root 11241100x8000000000000000138265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:35.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fec044f879dac182021-12-17 11:40:35.560root 11241100x8000000000000000138266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:35.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44aa805e33fd43b42021-12-17 11:40:35.560root 11241100x8000000000000000138267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:35.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f108f5d897721c5e2021-12-17 11:40:35.560root 11241100x8000000000000000138268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:35.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f011faebfe0b526f2021-12-17 11:40:35.560root 11241100x8000000000000000138269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:35.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea091b40b9bc22d12021-12-17 11:40:35.560root 11241100x8000000000000000138270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:35.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9df087ccc5d727082021-12-17 11:40:35.560root 11241100x8000000000000000138271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:35.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cded3ed26feddf732021-12-17 11:40:35.560root 11241100x8000000000000000138272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:36.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9308fbc80d537042021-12-17 11:40:36.058root 11241100x8000000000000000138273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:36.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4426856a2f756862021-12-17 11:40:36.058root 11241100x8000000000000000138274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:36.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39ade2f2a24de01b2021-12-17 11:40:36.058root 11241100x8000000000000000138275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:36.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ee3532a96a70ec12021-12-17 11:40:36.058root 11241100x8000000000000000138276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:36.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa50164440ff4fc32021-12-17 11:40:36.058root 11241100x8000000000000000138277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:36.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c127c5ae1d81a3d92021-12-17 11:40:36.058root 11241100x8000000000000000138278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:36.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e10e5d7322f7835c2021-12-17 11:40:36.058root 11241100x8000000000000000138279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:36.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3ae402c5ad57cf82021-12-17 11:40:36.058root 11241100x8000000000000000138280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:36.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1929e28ce366b0c12021-12-17 11:40:36.058root 11241100x8000000000000000138281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:36.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.076463b133bcb1b82021-12-17 11:40:36.059root 11241100x8000000000000000138282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:36.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f917e3f5d1d32c1e2021-12-17 11:40:36.059root 11241100x8000000000000000138283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:36.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65248d4aec6ac9d62021-12-17 11:40:36.059root 11241100x8000000000000000138284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:36.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ae632b9f753ce462021-12-17 11:40:36.059root 11241100x8000000000000000138285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:36.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1e409b2d5b98fbb2021-12-17 11:40:36.059root 11241100x8000000000000000138286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:36.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51c46fe2d3b2af3a2021-12-17 11:40:36.059root 11241100x8000000000000000138287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:36.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e244bb52c22d7c502021-12-17 11:40:36.060root 11241100x8000000000000000138288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:36.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2e3494414f898b02021-12-17 11:40:36.060root 11241100x8000000000000000138289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:36.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d872d3d8bb8359ac2021-12-17 11:40:36.060root 11241100x8000000000000000138290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:36.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78174e2fec99feba2021-12-17 11:40:36.060root 11241100x8000000000000000138291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:36.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f12e6f0020226e52021-12-17 11:40:36.060root 11241100x8000000000000000138292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:36.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2513d5c9c0b273332021-12-17 11:40:36.060root 11241100x8000000000000000138293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:36.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbe160da440b24a22021-12-17 11:40:36.060root 11241100x8000000000000000138294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:36.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dee9bf2cef6e7e492021-12-17 11:40:36.060root 11241100x8000000000000000138295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:36.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72ec22e15f89f5c72021-12-17 11:40:36.060root 11241100x8000000000000000138296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:36.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b14d5f8dc0b50912021-12-17 11:40:36.060root 11241100x8000000000000000138297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:36.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7da26c1d37127a6a2021-12-17 11:40:36.060root 11241100x8000000000000000138298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:36.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3be5767c8508ee72021-12-17 11:40:36.060root 11241100x8000000000000000138299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:36.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcd946fc6370d0212021-12-17 11:40:36.061root 11241100x8000000000000000138300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:36.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b48894608aa081232021-12-17 11:40:36.061root 11241100x8000000000000000138301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:36.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07c0cdd962f31fc02021-12-17 11:40:36.061root 11241100x8000000000000000138302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:36.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1f914c9e7ba2f4a2021-12-17 11:40:36.061root 11241100x8000000000000000138303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:36.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.234031074dbaef862021-12-17 11:40:36.061root 11241100x8000000000000000138304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:36.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06524baa0876b5482021-12-17 11:40:36.061root 11241100x8000000000000000138305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:36.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.452bf5a72703f55e2021-12-17 11:40:36.061root 354300x8000000000000000138306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:36.081{ec28ba6a-70a3-61bc-5175-3a0400000000}5248/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-43274-false10.0.1.12-8000- 11241100x8000000000000000138307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:36.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53930468e4c95faf2021-12-17 11:40:36.558root 11241100x8000000000000000138308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:36.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90379cd15e353c6c2021-12-17 11:40:36.558root 11241100x8000000000000000138309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:36.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.367b3823ec542b672021-12-17 11:40:36.558root 11241100x8000000000000000138310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:36.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6559890dc71120d22021-12-17 11:40:36.558root 11241100x8000000000000000138311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:36.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53caa0ecd8768f8c2021-12-17 11:40:36.558root 11241100x8000000000000000138312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:36.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90087ed74d48f8f12021-12-17 11:40:36.558root 11241100x8000000000000000138313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:36.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2e4abf4291d776c2021-12-17 11:40:36.558root 11241100x8000000000000000138314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:36.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5cbae39eb93cdb12021-12-17 11:40:36.558root 11241100x8000000000000000138315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:36.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7bdcddd4857f2ec2021-12-17 11:40:36.558root 11241100x8000000000000000138316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:36.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f7853b1c47da7792021-12-17 11:40:36.558root 11241100x8000000000000000138317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:36.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b369dbd21abc5ec92021-12-17 11:40:36.559root 11241100x8000000000000000138318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:36.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2b2585364d9623c2021-12-17 11:40:36.559root 11241100x8000000000000000138319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:36.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b54f59049e3f7742021-12-17 11:40:36.559root 11241100x8000000000000000138320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:36.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08dcac606ee3e5482021-12-17 11:40:36.559root 11241100x8000000000000000138321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:36.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3ede6947e192c722021-12-17 11:40:36.559root 11241100x8000000000000000138322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:36.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d86fd02961158f62021-12-17 11:40:36.559root 11241100x8000000000000000138323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:36.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.276f70b3fcf09c9d2021-12-17 11:40:36.559root 11241100x8000000000000000138324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:36.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4b9c8d6abd53f5c2021-12-17 11:40:36.559root 11241100x8000000000000000138325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:36.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42e58be3c81a0b2a2021-12-17 11:40:36.559root 11241100x8000000000000000138326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:36.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ddab1eeafcdb1b52021-12-17 11:40:36.559root 11241100x8000000000000000138327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:36.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40048f7baa2cfa492021-12-17 11:40:36.559root 11241100x8000000000000000138328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:36.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a04527cd291352e22021-12-17 11:40:36.559root 11241100x8000000000000000138329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:36.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cda9e694232f24d2021-12-17 11:40:36.559root 11241100x8000000000000000138330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:36.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3c950348bc0b40b2021-12-17 11:40:36.559root 11241100x8000000000000000138331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:36.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84a3a09942e2ded02021-12-17 11:40:36.560root 11241100x8000000000000000138332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:36.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66c75acc7d6e21052021-12-17 11:40:36.560root 11241100x8000000000000000138333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:36.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6102734313bba1f22021-12-17 11:40:36.560root 11241100x8000000000000000138334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:36.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b63217c9f5f6d662021-12-17 11:40:36.560root 11241100x8000000000000000138335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:36.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08cad70fb6012db32021-12-17 11:40:36.561root 11241100x8000000000000000138336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:36.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0825a819da15edf2021-12-17 11:40:36.561root 11241100x8000000000000000138337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:36.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4303633b4d8251f52021-12-17 11:40:36.561root 11241100x8000000000000000138338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:36.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01db60e93cff8c652021-12-17 11:40:36.561root 11241100x8000000000000000138339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:36.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5863b25f34822bd52021-12-17 11:40:36.561root 11241100x8000000000000000138340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:36.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f7a5eb0bc27531b2021-12-17 11:40:36.562root 11241100x8000000000000000138341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:36.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.461c180f0e1b19942021-12-17 11:40:36.562root 11241100x8000000000000000138342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:37.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2257fdd0c4a49bc2021-12-17 11:40:37.058root 11241100x8000000000000000138343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:37.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b494cc5a96d98be2021-12-17 11:40:37.058root 11241100x8000000000000000138344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:37.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e0bb09f37b7dd5e2021-12-17 11:40:37.058root 11241100x8000000000000000138345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:37.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48fcd173cf6fa0e12021-12-17 11:40:37.058root 11241100x8000000000000000138346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:37.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5db5b5bbbea69b92021-12-17 11:40:37.058root 11241100x8000000000000000138347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:37.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b50dbd39a6b7f2002021-12-17 11:40:37.058root 11241100x8000000000000000138348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:37.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48529f020f0134be2021-12-17 11:40:37.058root 11241100x8000000000000000138349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:37.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30b10fd453584c132021-12-17 11:40:37.058root 11241100x8000000000000000138350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:37.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d1fe3984897a4d12021-12-17 11:40:37.059root 11241100x8000000000000000138351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:37.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35573fb5264ba4f02021-12-17 11:40:37.059root 11241100x8000000000000000138352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:37.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.113633215aa8b3c82021-12-17 11:40:37.059root 11241100x8000000000000000138353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:37.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a86637b29797d4c2021-12-17 11:40:37.059root 11241100x8000000000000000138354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:37.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.170db7f444a7154e2021-12-17 11:40:37.059root 11241100x8000000000000000138355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:37.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61071446e846d4c82021-12-17 11:40:37.059root 11241100x8000000000000000138356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:37.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.779cf57f4428c7f82021-12-17 11:40:37.059root 11241100x8000000000000000138357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:37.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f94f1370b7e866e62021-12-17 11:40:37.059root 11241100x8000000000000000138358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:37.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.801a8f19fb664fb62021-12-17 11:40:37.059root 11241100x8000000000000000138359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:37.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10a3efa4c8167b3b2021-12-17 11:40:37.059root 11241100x8000000000000000138360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:37.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af326784a3721f9c2021-12-17 11:40:37.059root 11241100x8000000000000000138361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:37.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.310fbe47e162e8552021-12-17 11:40:37.059root 11241100x8000000000000000138362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:37.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1426b389948cd1132021-12-17 11:40:37.059root 11241100x8000000000000000138363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:37.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fd04966eb82413f2021-12-17 11:40:37.060root 11241100x8000000000000000138364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:37.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c81c8163f4e1f5cd2021-12-17 11:40:37.060root 11241100x8000000000000000138365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:37.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.854d5fbe309e897a2021-12-17 11:40:37.060root 11241100x8000000000000000138366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:37.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24a6197b392bd1272021-12-17 11:40:37.060root 11241100x8000000000000000138367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:37.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03b6dc813982b41a2021-12-17 11:40:37.060root 11241100x8000000000000000138368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:37.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.672f49d35f95011c2021-12-17 11:40:37.060root 11241100x8000000000000000138369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:37.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cf22fab197c124c2021-12-17 11:40:37.060root 11241100x8000000000000000138370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:37.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.085c2f0ceacaa46a2021-12-17 11:40:37.060root 11241100x8000000000000000138371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:37.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8677ba40e3894dc2021-12-17 11:40:37.060root 11241100x8000000000000000138372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:37.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.360d232ce297ac7b2021-12-17 11:40:37.060root 11241100x8000000000000000138373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:37.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fc2b070288b1eb72021-12-17 11:40:37.060root 11241100x8000000000000000138374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:37.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8707c16b20aa49f2021-12-17 11:40:37.060root 11241100x8000000000000000138375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:37.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.001308c40dba9d952021-12-17 11:40:37.060root 11241100x8000000000000000138376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:37.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f2e0a8e579aba802021-12-17 11:40:37.060root 11241100x8000000000000000138377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:37.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37db0ff04fd935d92021-12-17 11:40:37.557root 11241100x8000000000000000138378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:37.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d22f34e2119e4aa2021-12-17 11:40:37.558root 11241100x8000000000000000138379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:37.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.941cb47c65d329202021-12-17 11:40:37.558root 11241100x8000000000000000138380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:37.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ce652d05c54cf052021-12-17 11:40:37.558root 11241100x8000000000000000138381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:37.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21827d13ac91f47d2021-12-17 11:40:37.558root 11241100x8000000000000000138382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:37.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1305279e20db1872021-12-17 11:40:37.558root 11241100x8000000000000000138383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:37.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a0e20bb252030a82021-12-17 11:40:37.558root 11241100x8000000000000000138384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:37.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c683e85a351cd352021-12-17 11:40:37.558root 11241100x8000000000000000138385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:37.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79807b73e32e528e2021-12-17 11:40:37.558root 11241100x8000000000000000138386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:37.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9e18b98c698041a2021-12-17 11:40:37.558root 11241100x8000000000000000138387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:37.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cff9edb7771592ba2021-12-17 11:40:37.558root 11241100x8000000000000000138388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:37.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbbd600d547897ad2021-12-17 11:40:37.558root 11241100x8000000000000000138389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:37.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc3ba782acc0e9932021-12-17 11:40:37.558root 11241100x8000000000000000138390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:37.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69bf2bab295807e72021-12-17 11:40:37.559root 11241100x8000000000000000138391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:37.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56de52ef22b1cba62021-12-17 11:40:37.559root 11241100x8000000000000000138392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:37.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d64956eaa3d04a542021-12-17 11:40:37.559root 11241100x8000000000000000138393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:37.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30055796c970ebdb2021-12-17 11:40:37.559root 11241100x8000000000000000138394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:37.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.044426ccde61194f2021-12-17 11:40:37.559root 11241100x8000000000000000138395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:37.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19a416687d799b892021-12-17 11:40:37.559root 11241100x8000000000000000138396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:37.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d7e30849b7a6bc02021-12-17 11:40:37.559root 11241100x8000000000000000138397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:37.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98f1b4ff59538cda2021-12-17 11:40:37.559root 11241100x8000000000000000138398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:37.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3f1c31f6b18727f2021-12-17 11:40:37.559root 11241100x8000000000000000138399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:37.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d87bbde8f3fad63b2021-12-17 11:40:37.559root 11241100x8000000000000000138400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:37.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9dad1fc16f64c532021-12-17 11:40:37.559root 11241100x8000000000000000138401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:37.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.031080bcd0b9a7462021-12-17 11:40:37.559root 11241100x8000000000000000138402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:37.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94a26dcc4e2b431e2021-12-17 11:40:37.559root 11241100x8000000000000000138403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:37.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a25941ab85a6907b2021-12-17 11:40:37.559root 11241100x8000000000000000138404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:37.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.537f8a0f3d224bac2021-12-17 11:40:37.559root 11241100x8000000000000000138405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:37.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8706e33a520671a92021-12-17 11:40:37.560root 11241100x8000000000000000138406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:37.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d751b53450e86882021-12-17 11:40:37.560root 11241100x8000000000000000138407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:37.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8a0b1df8316c7182021-12-17 11:40:37.560root 11241100x8000000000000000138408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:37.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aaaf5c5ebd717942021-12-17 11:40:37.560root 11241100x8000000000000000138409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:37.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b72a6d6aaf0ee7c02021-12-17 11:40:37.560root 11241100x8000000000000000138410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:37.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.340cfdfb4eb379972021-12-17 11:40:37.560root 11241100x8000000000000000138411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:37.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afa3c22b1badb75b2021-12-17 11:40:37.560root 11241100x8000000000000000138412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:38.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.017ce8b772972f622021-12-17 11:40:38.057root 11241100x8000000000000000138413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:38.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f772a104fe77eb402021-12-17 11:40:38.058root 11241100x8000000000000000138414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:38.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a270b26ee84f7712021-12-17 11:40:38.058root 11241100x8000000000000000138415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:38.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75dd258e86f4dcf62021-12-17 11:40:38.058root 11241100x8000000000000000138416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:38.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5018cd40b5c0bf6c2021-12-17 11:40:38.058root 11241100x8000000000000000138417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:38.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4b29c48d154fe542021-12-17 11:40:38.058root 11241100x8000000000000000138418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:38.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee99ed3dc2d063a82021-12-17 11:40:38.058root 11241100x8000000000000000138419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:38.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa272c5f4528682b2021-12-17 11:40:38.058root 11241100x8000000000000000138420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:38.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9856983fae6349ed2021-12-17 11:40:38.058root 11241100x8000000000000000138421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:38.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.012827535cff85fc2021-12-17 11:40:38.058root 11241100x8000000000000000138422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:38.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bbd4c8634c9a0612021-12-17 11:40:38.058root 11241100x8000000000000000138423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:38.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1652ced30aab51bd2021-12-17 11:40:38.058root 11241100x8000000000000000138424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:38.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ee020a2abce0f1d2021-12-17 11:40:38.058root 11241100x8000000000000000138425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:38.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca929ca9381dceaa2021-12-17 11:40:38.058root 11241100x8000000000000000138426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:38.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35ffa4db814a3fb82021-12-17 11:40:38.059root 11241100x8000000000000000138427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:38.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45f52988a1eedbb52021-12-17 11:40:38.059root 11241100x8000000000000000138428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:38.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1d95bdf858e85912021-12-17 11:40:38.059root 11241100x8000000000000000138429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:38.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6edb328d95f946a2021-12-17 11:40:38.059root 11241100x8000000000000000138430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:38.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59abef745e6c980a2021-12-17 11:40:38.059root 11241100x8000000000000000138431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:38.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11d1a1e56bcea88e2021-12-17 11:40:38.059root 11241100x8000000000000000138432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:38.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b41e20ec3fe3a69c2021-12-17 11:40:38.059root 11241100x8000000000000000138433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:38.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85d0aaadd2110cfd2021-12-17 11:40:38.059root 11241100x8000000000000000138434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:38.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53aeb065f2272af32021-12-17 11:40:38.059root 11241100x8000000000000000138435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:38.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.438c4f0d1856943f2021-12-17 11:40:38.059root 11241100x8000000000000000138436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:38.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72c65322651ed3852021-12-17 11:40:38.059root 11241100x8000000000000000138437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:38.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95219ce92c61a1e12021-12-17 11:40:38.059root 11241100x8000000000000000138438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:38.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71b08bc8ff8522cf2021-12-17 11:40:38.060root 11241100x8000000000000000138439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:38.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.539740ef685d0fa62021-12-17 11:40:38.060root 11241100x8000000000000000138440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:38.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8984e6f6e8fb43ed2021-12-17 11:40:38.060root 11241100x8000000000000000138441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:38.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e45d9d893d3ad9782021-12-17 11:40:38.060root 11241100x8000000000000000138442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:38.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bf65d1efbed03ce2021-12-17 11:40:38.060root 11241100x8000000000000000138443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:38.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4bda5006d9d77c12021-12-17 11:40:38.060root 11241100x8000000000000000138444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:38.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d1419fb2d4603ae2021-12-17 11:40:38.060root 11241100x8000000000000000138445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:38.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e54bf25cba94f042021-12-17 11:40:38.060root 11241100x8000000000000000138446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:38.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6d238d78ecc7a0a2021-12-17 11:40:38.060root 11241100x8000000000000000138447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:38.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb680fa15ad99ae22021-12-17 11:40:38.557root 11241100x8000000000000000138448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:38.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97c5e3118b8271532021-12-17 11:40:38.558root 11241100x8000000000000000138449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:38.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ec25c47aa57f53f2021-12-17 11:40:38.558root 11241100x8000000000000000138450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:38.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.260507db41a631592021-12-17 11:40:38.558root 11241100x8000000000000000138451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:38.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0383d374f2b55022021-12-17 11:40:38.558root 11241100x8000000000000000138452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:38.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb4619946c1dd16a2021-12-17 11:40:38.558root 11241100x8000000000000000138453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:38.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c778544480a90bb72021-12-17 11:40:38.558root 11241100x8000000000000000138454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:38.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ed78fcb569d17302021-12-17 11:40:38.558root 11241100x8000000000000000138455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:38.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf9511d70fe8f3932021-12-17 11:40:38.558root 11241100x8000000000000000138456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:38.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70e593c07b1112872021-12-17 11:40:38.558root 11241100x8000000000000000138457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:38.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.305b7bc035cfbe9b2021-12-17 11:40:38.558root 11241100x8000000000000000138458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:38.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a016efa3f1024e812021-12-17 11:40:38.558root 11241100x8000000000000000138459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:38.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95b13d9edcb1cfeb2021-12-17 11:40:38.558root 11241100x8000000000000000138460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:38.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1807f93b05208e42021-12-17 11:40:38.558root 11241100x8000000000000000138461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:38.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26a4b60c369918fc2021-12-17 11:40:38.559root 11241100x8000000000000000138462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:38.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca05c599b6bacb9f2021-12-17 11:40:38.559root 11241100x8000000000000000138463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:38.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81b482cdecdba55b2021-12-17 11:40:38.559root 11241100x8000000000000000138464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:38.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6901725e51d0d9e32021-12-17 11:40:38.559root 11241100x8000000000000000138465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:38.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd909063af987ac52021-12-17 11:40:38.559root 11241100x8000000000000000138466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:38.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61cc8ad5eeca9bbc2021-12-17 11:40:38.559root 11241100x8000000000000000138467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:38.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d0833e0dc79019f2021-12-17 11:40:38.559root 11241100x8000000000000000138468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:38.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66c56f07d84474c12021-12-17 11:40:38.559root 11241100x8000000000000000138469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:38.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cab3e2ca92c3e42b2021-12-17 11:40:38.559root 11241100x8000000000000000138470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:38.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0d2be4cf92bf1d32021-12-17 11:40:38.559root 11241100x8000000000000000138471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:38.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4987536583cc7082021-12-17 11:40:38.559root 11241100x8000000000000000138472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:38.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd5c33ee403d0b8b2021-12-17 11:40:38.559root 11241100x8000000000000000138473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:38.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82c65738d9534d102021-12-17 11:40:38.559root 11241100x8000000000000000138474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:38.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d116a06aaeb2a892021-12-17 11:40:38.559root 11241100x8000000000000000138475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:38.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd6ba42b5735075c2021-12-17 11:40:38.559root 11241100x8000000000000000138476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:38.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e92fe943f73888ad2021-12-17 11:40:38.560root 11241100x8000000000000000138477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:38.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d7714122a191b8f2021-12-17 11:40:38.560root 11241100x8000000000000000138478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:38.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d14d261a406699432021-12-17 11:40:38.560root 11241100x8000000000000000138479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:38.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8adc7cc224d5d43a2021-12-17 11:40:38.560root 11241100x8000000000000000138480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:38.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6b9da30fe7ef0cb2021-12-17 11:40:38.560root 11241100x8000000000000000138481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:38.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d123325e47b49e532021-12-17 11:40:38.560root 154100x8000000000000000138482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:38.628{ec28ba6a-7736-61bc-583c-d13fbf550000}9415/tmp/evil_work/runc_cron-----./runc_cron/tmp/evil_workubuntu{ec28ba6a-70c8-61bc-e803-000000000000}10004no level-{ec28ba6a-70c8-61bc-0864-f69184550000}5342/bin/bash-bashubuntu 534500x8000000000000000138483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:38.629{ec28ba6a-7736-61bc-583c-d13fbf550000}9415/tmp/evil_work/runc_cronubuntu 154100x8000000000000000138484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:38.629{ec28ba6a-7736-61bc-68b2-b7234a560000}9417/bin/dash-----sh -c #/bin/bash echo "~/evil_cron.sh" >> /etc/init.d/logrotate echo "~/evil_cron.sh" >> /etc/init.d/logrotate echo "~/evil_cron.sh" >> /etc/crontab/logrotate echo "~/evil_cron.sh" >> /etc/cron.allow/logrotate echo "~/evil_cron.sh" >> /etc/cron.d/logrotate echo "~/evil_cron.sh" >> /etc/cron.deny/logrotate echo "~/evil_cron.sh" >> /etc/cron.daily/logrotate echo "~/evil_cron.sh" >> /etc/cron.hourly/logrotate echo "~/evil_cron.sh" >> /etc/cron.monthly/logrotate echo "~/evil_cron.sh" >> /etc/cron.weekly/logrotate echo "~/evil_cron.sh" >> /etc/anacrontab/logrotate echo "~/evil_cron.sh" >> /var/spool/cron/logrotate echo "~/evil_cron.sh" >> /var/spool/cron/crontabs/logrotate echo "~/evil_cron.sh" >> /etc/at.allow/logrotate echo "~/evil_cron.sh" >> /etc/at.deny/logrotate echo "echo 'Hello from Atomic Red Team' > /tmp/atomic.log"> /etc/cron.hourly/persistevil echo "echo 'Hello from Atomic Red Team' > /tmp/atomic.log"> /etc/cron.weekly/persistevil /tmp/evil_workubuntu{ec28ba6a-70c8-61bc-e803-000000000000}10004no level-{00000000-0000-0000-0000-000000000000}9416--- 534500x8000000000000000138485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:38.630{ec28ba6a-7736-61bc-68b2-b7234a560000}9417/bin/dashubuntu 534500x8000000000000000138486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:38.630{ec28ba6a-7736-61bc-0000-000000000000}9416-ubuntu 11241100x8000000000000000138487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:39.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90a05ed7e58d06992021-12-17 11:40:39.058root 11241100x8000000000000000138488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:39.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.817e8bd271e33e282021-12-17 11:40:39.058root 11241100x8000000000000000138489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:39.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01e14f298926b6a22021-12-17 11:40:39.058root 11241100x8000000000000000138490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:39.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33e63430eb411c3f2021-12-17 11:40:39.058root 11241100x8000000000000000138491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:39.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d9c1ffa5454413d2021-12-17 11:40:39.058root 11241100x8000000000000000138492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:39.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd8438e0e415d2032021-12-17 11:40:39.058root 11241100x8000000000000000138493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:39.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b3ebf3531a833d42021-12-17 11:40:39.058root 11241100x8000000000000000138494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:39.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.429dcc4b13ef971e2021-12-17 11:40:39.058root 11241100x8000000000000000138495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:39.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85977179fc12c3772021-12-17 11:40:39.058root 11241100x8000000000000000138496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:39.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89ad3cdd38411c852021-12-17 11:40:39.058root 11241100x8000000000000000138497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:39.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.619e3e84fcc9d1592021-12-17 11:40:39.059root 11241100x8000000000000000138498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:39.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b4bcae6458bb2af2021-12-17 11:40:39.059root 11241100x8000000000000000138499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:39.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed7762674d8ed7e92021-12-17 11:40:39.059root 11241100x8000000000000000138500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:39.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bd92e6a180904252021-12-17 11:40:39.059root 11241100x8000000000000000138501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:39.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.684cc0fb3cf349c62021-12-17 11:40:39.059root 11241100x8000000000000000138502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:39.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.929361ab62d0ffe22021-12-17 11:40:39.059root 11241100x8000000000000000138503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:39.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69257c099e2189612021-12-17 11:40:39.059root 11241100x8000000000000000138504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:39.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9548554be20582f2021-12-17 11:40:39.059root 11241100x8000000000000000138505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:39.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36ff203f1770ad1d2021-12-17 11:40:39.059root 11241100x8000000000000000138506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:39.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d27c95513c9332712021-12-17 11:40:39.059root 11241100x8000000000000000138507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:39.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a100f8e73dcd04232021-12-17 11:40:39.059root 11241100x8000000000000000138508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:39.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.846930e2cd0fee8e2021-12-17 11:40:39.059root 11241100x8000000000000000138509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:39.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d3d98f2f44baed82021-12-17 11:40:39.059root 11241100x8000000000000000138510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:39.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.246d86384b5d42522021-12-17 11:40:39.059root 11241100x8000000000000000138511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:39.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08e324df9e5bdb122021-12-17 11:40:39.060root 11241100x8000000000000000138512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:39.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbe07c57fd68409f2021-12-17 11:40:39.060root 11241100x8000000000000000138513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:39.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fc67e7647ffb1a82021-12-17 11:40:39.060root 11241100x8000000000000000138514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:39.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b032afc45b0579e2021-12-17 11:40:39.060root 11241100x8000000000000000138515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:39.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09d701ddbff4ebca2021-12-17 11:40:39.060root 11241100x8000000000000000138516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:39.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0df7cf2e2184e662021-12-17 11:40:39.060root 11241100x8000000000000000138517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:39.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1325e92b8fb199c52021-12-17 11:40:39.060root 11241100x8000000000000000138518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:39.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fde530e42e0178c42021-12-17 11:40:39.060root 11241100x8000000000000000138519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:39.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3e824b2ed0abda62021-12-17 11:40:39.060root 11241100x8000000000000000138520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:39.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c84ed5559d923cd62021-12-17 11:40:39.061root 11241100x8000000000000000138521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:39.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b897a87f792bc342021-12-17 11:40:39.061root 11241100x8000000000000000138522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:39.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab7369d735facb2b2021-12-17 11:40:39.061root 11241100x8000000000000000138523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:39.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a0e0ef27419e20c2021-12-17 11:40:39.061root 11241100x8000000000000000138524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:39.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a599c65a03f30792021-12-17 11:40:39.061root 11241100x8000000000000000138525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:39.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d2ec23caad811e92021-12-17 11:40:39.061root 11241100x8000000000000000138526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:39.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.104b9f9f99a4ab062021-12-17 11:40:39.062root 11241100x8000000000000000138527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:39.556{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e84d3967376c38ab2021-12-17 11:40:39.556root 11241100x8000000000000000138528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:39.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0b3258b3c7c0d6a2021-12-17 11:40:39.557root 11241100x8000000000000000138529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:39.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd02ba924dfc5dd22021-12-17 11:40:39.557root 11241100x8000000000000000138530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:39.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcfb44e5c47621382021-12-17 11:40:39.557root 11241100x8000000000000000138531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:39.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe25956d71c0ece92021-12-17 11:40:39.557root 11241100x8000000000000000138532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:39.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e111d9d84a941512021-12-17 11:40:39.557root 11241100x8000000000000000138533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:39.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ebdd42d0f446a272021-12-17 11:40:39.557root 11241100x8000000000000000138534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:39.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04bb70dead4f7a842021-12-17 11:40:39.557root 11241100x8000000000000000138535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:39.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8e74916206487732021-12-17 11:40:39.558root 11241100x8000000000000000138536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:39.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8ca93cf86b2a54a2021-12-17 11:40:39.558root 11241100x8000000000000000138537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:39.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.380af093a42e57d32021-12-17 11:40:39.558root 11241100x8000000000000000138538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:39.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f29abe4244d03842021-12-17 11:40:39.558root 11241100x8000000000000000138539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:39.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbe7619b851141a52021-12-17 11:40:39.558root 11241100x8000000000000000138540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:39.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4c8122fd8ffc1d42021-12-17 11:40:39.558root 11241100x8000000000000000138541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:39.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d5a664ab75e225f2021-12-17 11:40:39.559root 11241100x8000000000000000138542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:39.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbaea63c85799c7c2021-12-17 11:40:39.559root 11241100x8000000000000000138543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:39.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.760724e40c9c80f32021-12-17 11:40:39.559root 11241100x8000000000000000138544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:39.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b25a83d83f52c8d2021-12-17 11:40:39.559root 11241100x8000000000000000138545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:39.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.255848196d3a4d252021-12-17 11:40:39.559root 11241100x8000000000000000138546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:39.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bc151575b73c8082021-12-17 11:40:39.559root 11241100x8000000000000000138547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:39.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eb293481a0da8532021-12-17 11:40:39.559root 11241100x8000000000000000138548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:39.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81994da33fb6e6222021-12-17 11:40:39.559root 11241100x8000000000000000138549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:39.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.829083f085b858672021-12-17 11:40:39.560root 11241100x8000000000000000138550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:39.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a31145babd24d7c32021-12-17 11:40:39.560root 11241100x8000000000000000138551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:39.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf1d0f7f3378b5fb2021-12-17 11:40:39.560root 11241100x8000000000000000138552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:39.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e6e6e820b57d0162021-12-17 11:40:39.560root 11241100x8000000000000000138553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:39.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.038fc9f97aa409e72021-12-17 11:40:39.560root 11241100x8000000000000000138554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:39.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95c5f241b35347152021-12-17 11:40:39.560root 11241100x8000000000000000138555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:39.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe6e8030d7e743122021-12-17 11:40:39.560root 11241100x8000000000000000138556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:39.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21d33fc60c378f182021-12-17 11:40:39.560root 11241100x8000000000000000138557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:39.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea269617d30077e22021-12-17 11:40:39.560root 11241100x8000000000000000138558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:39.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7908908884cf4952021-12-17 11:40:39.561root 11241100x8000000000000000138559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:39.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3f13690ec80aa112021-12-17 11:40:39.561root 11241100x8000000000000000138560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:39.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c9c9d72ea71adb12021-12-17 11:40:39.561root 11241100x8000000000000000138561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:39.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fe4d1d0e73735b52021-12-17 11:40:39.561root 11241100x8000000000000000138562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:39.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e841dfd66f60d102021-12-17 11:40:39.561root 11241100x8000000000000000138563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:39.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d76e18493e8c078c2021-12-17 11:40:39.561root 11241100x8000000000000000138564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:39.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdb04e5b0bb17bb22021-12-17 11:40:39.561root 11241100x8000000000000000138565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:39.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.578897f55013f53d2021-12-17 11:40:39.561root 11241100x8000000000000000138566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:39.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02f496f98d3c57362021-12-17 11:40:39.561root 11241100x8000000000000000138567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:39.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53d0a59cb491783e2021-12-17 11:40:39.561root 11241100x8000000000000000138568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:39.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6ef9a6bb48106de2021-12-17 11:40:39.562root 11241100x8000000000000000138569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:39.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f44169698ee751a2021-12-17 11:40:39.562root 11241100x8000000000000000138570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:39.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d45cf60a147778e02021-12-17 11:40:39.562root 11241100x8000000000000000138571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:39.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b2c77134fc2016c2021-12-17 11:40:39.562root 11241100x8000000000000000138572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:39.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e8e611f2acc82712021-12-17 11:40:39.562root 11241100x8000000000000000138573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:40.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77cea0326375b4b72021-12-17 11:40:40.058root 11241100x8000000000000000138574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:40.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90129eb1a2e1c5e12021-12-17 11:40:40.058root 11241100x8000000000000000138575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:40.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14350de3243e96b32021-12-17 11:40:40.058root 11241100x8000000000000000138576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:40.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.712773763a5988432021-12-17 11:40:40.058root 11241100x8000000000000000138577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:40.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b70e4385c2c4f34c2021-12-17 11:40:40.058root 11241100x8000000000000000138578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:40.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae27acae7c7647312021-12-17 11:40:40.058root 11241100x8000000000000000138579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:40.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4485318ab31171b82021-12-17 11:40:40.058root 11241100x8000000000000000138580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:40.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b82e83c550c5adf92021-12-17 11:40:40.058root 11241100x8000000000000000138581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:40.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62a5af4711adff962021-12-17 11:40:40.058root 11241100x8000000000000000138582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:40.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.164e74275990697b2021-12-17 11:40:40.058root 11241100x8000000000000000138583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:40.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.695aaa5c8fbb0f902021-12-17 11:40:40.059root 11241100x8000000000000000138584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:40.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6c9ad97c3649d8b2021-12-17 11:40:40.059root 11241100x8000000000000000138585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:40.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20610822a631a3c42021-12-17 11:40:40.059root 11241100x8000000000000000138586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:40.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e301231d04a84f112021-12-17 11:40:40.059root 11241100x8000000000000000138587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:40.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ddaf434015524cb2021-12-17 11:40:40.059root 11241100x8000000000000000138588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:40.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f95cef529f34c0ea2021-12-17 11:40:40.059root 11241100x8000000000000000138589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:40.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.900f2525413669a32021-12-17 11:40:40.059root 11241100x8000000000000000138590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:40.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57f460ba72cd294b2021-12-17 11:40:40.059root 11241100x8000000000000000138591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:40.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9b2c4d1f02737062021-12-17 11:40:40.059root 11241100x8000000000000000138592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:40.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9efb1f7636883db2021-12-17 11:40:40.059root 11241100x8000000000000000138593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:40.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0c6b5cbdec3a8812021-12-17 11:40:40.059root 11241100x8000000000000000138594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:40.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e0857da253475712021-12-17 11:40:40.060root 11241100x8000000000000000138595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:40.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04d45a53e7b8eb372021-12-17 11:40:40.060root 11241100x8000000000000000138596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:40.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ab6be3425faf1ca2021-12-17 11:40:40.060root 11241100x8000000000000000138597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:40.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0f5277e7d7e70112021-12-17 11:40:40.060root 11241100x8000000000000000138598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:40.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc10334b242611402021-12-17 11:40:40.060root 11241100x8000000000000000138599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:40.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95263b3fbbe10b222021-12-17 11:40:40.060root 11241100x8000000000000000138600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:40.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b202b6ad077fe6a2021-12-17 11:40:40.060root 11241100x8000000000000000138601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:40.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45bd1b281985e7c32021-12-17 11:40:40.060root 11241100x8000000000000000138602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:40.064{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf12ac5c0e6235d62021-12-17 11:40:40.064root 11241100x8000000000000000138603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:40.064{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ce033e9ec12b7d82021-12-17 11:40:40.064root 11241100x8000000000000000138604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:40.064{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e73e4817bb55838b2021-12-17 11:40:40.064root 11241100x8000000000000000138605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:40.064{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c936171a5c165da82021-12-17 11:40:40.064root 11241100x8000000000000000138606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:40.064{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c07688cbd192da5d2021-12-17 11:40:40.064root 11241100x8000000000000000138607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:40.064{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fa11a55549379d52021-12-17 11:40:40.064root 11241100x8000000000000000138608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:40.065{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cd925c4c06d04032021-12-17 11:40:40.065root 11241100x8000000000000000138609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:40.065{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a4487ea2e72b2e62021-12-17 11:40:40.065root 11241100x8000000000000000138610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:40.065{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98384e4b6aea866b2021-12-17 11:40:40.065root 11241100x8000000000000000138611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:40.065{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.502cd0599ad0b4c82021-12-17 11:40:40.065root 11241100x8000000000000000138612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:40.065{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b366be851cb4cc3f2021-12-17 11:40:40.065root 11241100x8000000000000000138613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:40.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e8d40fcc8fcbae12021-12-17 11:40:40.558root 11241100x8000000000000000138614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:40.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f85a0bdd8e1be4a2021-12-17 11:40:40.558root 11241100x8000000000000000138615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:40.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bba182d99e264e32021-12-17 11:40:40.558root 11241100x8000000000000000138616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:40.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40c2da9e78241f992021-12-17 11:40:40.558root 11241100x8000000000000000138617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:40.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a2a4f3c84ee42b32021-12-17 11:40:40.558root 11241100x8000000000000000138618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:40.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bdad5490c305bf72021-12-17 11:40:40.558root 11241100x8000000000000000138619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:40.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39666aee7bd5225b2021-12-17 11:40:40.558root 11241100x8000000000000000138620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:40.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b71215549c3f8f012021-12-17 11:40:40.558root 11241100x8000000000000000138621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:40.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb6d8581c2e493e22021-12-17 11:40:40.558root 11241100x8000000000000000138622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:40.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.092216e0f1f4bcdc2021-12-17 11:40:40.559root 11241100x8000000000000000138623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:40.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a673c084fa0a27892021-12-17 11:40:40.559root 11241100x8000000000000000138624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:40.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9949f6ef8ca2dcb52021-12-17 11:40:40.559root 11241100x8000000000000000138625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:40.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.879783281a1d2bf42021-12-17 11:40:40.559root 11241100x8000000000000000138626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:40.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36e06b3d69a9a6502021-12-17 11:40:40.559root 11241100x8000000000000000138627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:40.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4361403a1b74206a2021-12-17 11:40:40.559root 11241100x8000000000000000138628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:40.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20071c20b07617ad2021-12-17 11:40:40.559root 11241100x8000000000000000138629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:40.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94947de1749833072021-12-17 11:40:40.559root 11241100x8000000000000000138630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:40.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f89483d5aff787182021-12-17 11:40:40.559root 11241100x8000000000000000138631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:40.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c2516884cd19e582021-12-17 11:40:40.559root 11241100x8000000000000000138632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:40.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aa7c9595d7e08462021-12-17 11:40:40.559root 11241100x8000000000000000138633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:40.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.637474ae66989a452021-12-17 11:40:40.559root 11241100x8000000000000000138634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:40.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.685c640f74cc3aed2021-12-17 11:40:40.559root 11241100x8000000000000000138635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:40.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ebdd1fab528b2bf2021-12-17 11:40:40.559root 11241100x8000000000000000138636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:40.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69d45edccfc295992021-12-17 11:40:40.560root 11241100x8000000000000000138637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:40.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4f5c0b623bb832b2021-12-17 11:40:40.560root 11241100x8000000000000000138638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:40.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13996db1e1ac92f22021-12-17 11:40:40.560root 11241100x8000000000000000138639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:40.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0663f5f3e065ef082021-12-17 11:40:40.560root 11241100x8000000000000000138640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:40.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2aaa781f8b089db2021-12-17 11:40:40.560root 11241100x8000000000000000138641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:40.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d58ec765c6229ab2021-12-17 11:40:40.560root 11241100x8000000000000000138642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:40.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8049d6ca7e24a4932021-12-17 11:40:40.560root 11241100x8000000000000000138643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:40.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d37b226fe970e3bb2021-12-17 11:40:40.560root 11241100x8000000000000000138644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:40.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.042bd1de008d18392021-12-17 11:40:40.560root 11241100x8000000000000000138645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:40.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0da5c1226a85ca972021-12-17 11:40:40.560root 11241100x8000000000000000138646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:40.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9897aebcc1b60d142021-12-17 11:40:40.560root 11241100x8000000000000000138647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:40.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6725864fab66d69c2021-12-17 11:40:40.560root 11241100x8000000000000000138648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:40.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d9a2702265fed422021-12-17 11:40:40.560root 11241100x8000000000000000138649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:40.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceb14a93e7b3568e2021-12-17 11:40:40.560root 11241100x8000000000000000138650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:40.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee508a650783b50b2021-12-17 11:40:40.560root 11241100x8000000000000000138651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:40.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c47fadd8089f75182021-12-17 11:40:40.561root 11241100x8000000000000000138652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:40.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a3a6a328c938ef82021-12-17 11:40:40.561root 11241100x8000000000000000138653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:41.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b77d20befb8155e2021-12-17 11:40:41.058root 11241100x8000000000000000138654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:41.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddeeca82949957472021-12-17 11:40:41.058root 11241100x8000000000000000138655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:41.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4861efc3ccf5c8852021-12-17 11:40:41.058root 11241100x8000000000000000138656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:41.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf34462fdb77fa122021-12-17 11:40:41.058root 11241100x8000000000000000138657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:41.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.489345df6150077e2021-12-17 11:40:41.058root 11241100x8000000000000000138658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:41.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.192a3cd0dda13a8a2021-12-17 11:40:41.058root 11241100x8000000000000000138659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:41.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.915ea15078a846cd2021-12-17 11:40:41.058root 11241100x8000000000000000138660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:41.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae16c4ed3308a2662021-12-17 11:40:41.058root 11241100x8000000000000000138661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:41.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e47ccb78381e5782021-12-17 11:40:41.058root 11241100x8000000000000000138662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:41.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c47af0beb10b8622021-12-17 11:40:41.058root 11241100x8000000000000000138663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:41.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18320e1056e351dc2021-12-17 11:40:41.059root 11241100x8000000000000000138664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:41.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.411a50f4f444cd972021-12-17 11:40:41.059root 11241100x8000000000000000138665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:41.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbfae3503e596bac2021-12-17 11:40:41.059root 11241100x8000000000000000138666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:41.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.417af0956f7e97e82021-12-17 11:40:41.059root 11241100x8000000000000000138667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:41.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3665da03bcec82b2021-12-17 11:40:41.059root 11241100x8000000000000000138668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:41.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.babe682b0075300c2021-12-17 11:40:41.059root 11241100x8000000000000000138669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:41.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b081855fa52a4ec2021-12-17 11:40:41.059root 11241100x8000000000000000138670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:41.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d7a9405195eef7b2021-12-17 11:40:41.059root 11241100x8000000000000000138671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:41.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a6481563098d8ed2021-12-17 11:40:41.059root 11241100x8000000000000000138672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:41.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1f45fc744f03eea2021-12-17 11:40:41.059root 11241100x8000000000000000138673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:41.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11fdb54a99f882cf2021-12-17 11:40:41.059root 11241100x8000000000000000138674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:41.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abe64ff1345833f82021-12-17 11:40:41.059root 11241100x8000000000000000138675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:41.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b8614df91e79f032021-12-17 11:40:41.059root 11241100x8000000000000000138676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:41.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1788ac6323a0aabb2021-12-17 11:40:41.059root 11241100x8000000000000000138677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:41.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b541fa6f261bdf02021-12-17 11:40:41.059root 11241100x8000000000000000138678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:41.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4661341f5a8e6c42021-12-17 11:40:41.059root 11241100x8000000000000000138679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:41.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96f2d7f3425f49a42021-12-17 11:40:41.060root 11241100x8000000000000000138680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:41.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3022a0326d3d21a52021-12-17 11:40:41.060root 11241100x8000000000000000138681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:41.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7a9a1a93502dd532021-12-17 11:40:41.060root 11241100x8000000000000000138682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:41.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1697a0f34337eefd2021-12-17 11:40:41.060root 11241100x8000000000000000138683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:41.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f038e597bbfc8cd2021-12-17 11:40:41.060root 11241100x8000000000000000138684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:41.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba36578a13635bf72021-12-17 11:40:41.060root 11241100x8000000000000000138685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:41.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78bb6bc7fc0e39fa2021-12-17 11:40:41.060root 11241100x8000000000000000138686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:41.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.644f8d4c5c5361c92021-12-17 11:40:41.060root 11241100x8000000000000000138687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:41.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fa48e35d3019d0b2021-12-17 11:40:41.060root 11241100x8000000000000000138688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:41.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca0f9dcfff30b0a22021-12-17 11:40:41.060root 11241100x8000000000000000138689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:41.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1734431f76e964b2021-12-17 11:40:41.060root 11241100x8000000000000000138690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:41.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14c87ddeeac567262021-12-17 11:40:41.060root 11241100x8000000000000000138691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:41.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad06127a9387af1c2021-12-17 11:40:41.061root 11241100x8000000000000000138692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:41.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.451b652af3adcfc12021-12-17 11:40:41.061root 354300x8000000000000000138693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:41.137{ec28ba6a-70a3-61bc-5175-3a0400000000}5248/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-43276-false10.0.1.12-8000- 11241100x8000000000000000138694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:41.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7280185c37dfbc3c2021-12-17 11:40:41.558root 11241100x8000000000000000138695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:41.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfbccd62d614a5bb2021-12-17 11:40:41.559root 11241100x8000000000000000138696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:41.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93f6907ff1d3d7c02021-12-17 11:40:41.559root 11241100x8000000000000000138697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:41.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95bc8a63589621a22021-12-17 11:40:41.560root 11241100x8000000000000000138698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:41.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbd3ec5711168ca12021-12-17 11:40:41.560root 11241100x8000000000000000138699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:41.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.181d36195bb34a9d2021-12-17 11:40:41.561root 11241100x8000000000000000138700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:41.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c9ff1b12af416a32021-12-17 11:40:41.561root 11241100x8000000000000000138701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:41.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.599d95320e3a0e0f2021-12-17 11:40:41.561root 11241100x8000000000000000138702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:41.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.588b22acc970209c2021-12-17 11:40:41.561root 11241100x8000000000000000138703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:41.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27af80b4a51ae1cc2021-12-17 11:40:41.561root 11241100x8000000000000000138704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:41.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e51766ac84ab65ba2021-12-17 11:40:41.561root 11241100x8000000000000000138705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:41.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fc23739b9f7fd582021-12-17 11:40:41.561root 11241100x8000000000000000138706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:41.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f23c578d547e76f42021-12-17 11:40:41.561root 11241100x8000000000000000138707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:41.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d58dfe5f42f0bba12021-12-17 11:40:41.561root 11241100x8000000000000000138708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:41.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08470ebdb27e8a902021-12-17 11:40:41.561root 11241100x8000000000000000138709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:41.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bed1190315495ee82021-12-17 11:40:41.562root 11241100x8000000000000000138710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:41.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30ae07735d5bfa5e2021-12-17 11:40:41.562root 11241100x8000000000000000138711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:41.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe942bcc2dd6d02d2021-12-17 11:40:41.562root 11241100x8000000000000000138712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:41.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cf06fbef808d3c02021-12-17 11:40:41.562root 11241100x8000000000000000138713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:41.563{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8529caccb55d93912021-12-17 11:40:41.563root 11241100x8000000000000000138714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:41.563{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42ae305cf03fd4da2021-12-17 11:40:41.563root 11241100x8000000000000000138715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:41.563{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0babe34c37f5d46c2021-12-17 11:40:41.563root 11241100x8000000000000000138716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:41.563{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9c69f9c86e585032021-12-17 11:40:41.563root 11241100x8000000000000000138717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:41.563{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37de83cb5f779ccd2021-12-17 11:40:41.563root 11241100x8000000000000000138718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:41.563{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45ba137d5ca3c0e62021-12-17 11:40:41.563root 11241100x8000000000000000138719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:41.563{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd3bbbb020b8e4fd2021-12-17 11:40:41.563root 11241100x8000000000000000138720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:41.563{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71eeefc0594ccd192021-12-17 11:40:41.563root 11241100x8000000000000000138721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:41.564{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.791ea0fbabe2fe1b2021-12-17 11:40:41.564root 11241100x8000000000000000138722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:41.564{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7386565159c345e02021-12-17 11:40:41.564root 11241100x8000000000000000138723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:41.564{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0296de47b8cb0ca42021-12-17 11:40:41.564root 11241100x8000000000000000138724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:41.564{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.407b47e19068d4bd2021-12-17 11:40:41.564root 11241100x8000000000000000138725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:41.564{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.386902f0f95d561a2021-12-17 11:40:41.564root 11241100x8000000000000000138726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:41.564{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e605eccbd5de99a2021-12-17 11:40:41.564root 11241100x8000000000000000138727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:41.564{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43c74850e433a7952021-12-17 11:40:41.564root 11241100x8000000000000000138728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:41.564{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dca139c84633f6522021-12-17 11:40:41.564root 11241100x8000000000000000138729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:41.564{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f039e0ea1b953832021-12-17 11:40:41.564root 11241100x8000000000000000138730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:41.564{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1465318d6ace2bff2021-12-17 11:40:41.564root 11241100x8000000000000000138731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:41.564{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e60a3bda2e58bf822021-12-17 11:40:41.564root 11241100x8000000000000000138732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:41.564{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4a42c7a1ebd0af12021-12-17 11:40:41.564root 11241100x8000000000000000138733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:41.564{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.157fdb97687085352021-12-17 11:40:41.564root 11241100x8000000000000000138734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:41.564{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21718ad573c8ed6b2021-12-17 11:40:41.564root 11241100x8000000000000000138735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:42.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51be6051121f1fd52021-12-17 11:40:42.058root 11241100x8000000000000000138736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:42.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb400ffe223dfd0d2021-12-17 11:40:42.058root 11241100x8000000000000000138737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:42.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5802aa163a8ab7d32021-12-17 11:40:42.058root 11241100x8000000000000000138738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:42.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd1e7b21385796812021-12-17 11:40:42.058root 11241100x8000000000000000138739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:42.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a617d09db6e2c7e02021-12-17 11:40:42.058root 11241100x8000000000000000138740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:42.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c507715be1491852021-12-17 11:40:42.058root 11241100x8000000000000000138741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:42.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99fd1c754251a2af2021-12-17 11:40:42.058root 11241100x8000000000000000138742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:42.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9862f3f80a4b72d32021-12-17 11:40:42.058root 11241100x8000000000000000138743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:42.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f67cd3858bbc57272021-12-17 11:40:42.058root 11241100x8000000000000000138744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:42.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d069891b26e77cf2021-12-17 11:40:42.059root 11241100x8000000000000000138745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:42.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcba57a27b8b6d802021-12-17 11:40:42.059root 11241100x8000000000000000138746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:42.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cb50e77216986702021-12-17 11:40:42.059root 11241100x8000000000000000138747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:42.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a685dac436cfad3e2021-12-17 11:40:42.059root 11241100x8000000000000000138748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:42.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab8a69afdd0f06412021-12-17 11:40:42.059root 11241100x8000000000000000138749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:42.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f49984b05f06c1c2021-12-17 11:40:42.059root 11241100x8000000000000000138750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:42.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab55611818f692e72021-12-17 11:40:42.059root 11241100x8000000000000000138751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:42.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.456e5cb292e0b5dd2021-12-17 11:40:42.059root 11241100x8000000000000000138752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:42.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b990b039434865fb2021-12-17 11:40:42.059root 11241100x8000000000000000138753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:42.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c77d773b7db7da772021-12-17 11:40:42.059root 11241100x8000000000000000138754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:42.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d6eaacf83c6e49f2021-12-17 11:40:42.059root 11241100x8000000000000000138755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:42.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7efb17f2a113bcbb2021-12-17 11:40:42.059root 11241100x8000000000000000138756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:42.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fae72943f34f5e9c2021-12-17 11:40:42.059root 11241100x8000000000000000138757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:42.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff228bb7ffdbac772021-12-17 11:40:42.059root 11241100x8000000000000000138758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:42.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.352f6f25972103b22021-12-17 11:40:42.060root 11241100x8000000000000000138759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:42.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b81563b7eebbe0ea2021-12-17 11:40:42.060root 11241100x8000000000000000138760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:42.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85555a81925ab6f32021-12-17 11:40:42.060root 11241100x8000000000000000138761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:42.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef16cb9f8144a97a2021-12-17 11:40:42.060root 11241100x8000000000000000138762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:42.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93e172963b353bf22021-12-17 11:40:42.060root 11241100x8000000000000000138763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:42.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0355f079ff17e102021-12-17 11:40:42.060root 11241100x8000000000000000138764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:42.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec032f628c70566f2021-12-17 11:40:42.060root 11241100x8000000000000000138765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:42.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf25334d20b845cd2021-12-17 11:40:42.060root 11241100x8000000000000000138766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:42.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d65bc51fcfc130c2021-12-17 11:40:42.060root 11241100x8000000000000000138767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:42.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.345bdc5ea2ac0fad2021-12-17 11:40:42.060root 11241100x8000000000000000138768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:42.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ca9f1600d077cd62021-12-17 11:40:42.060root 11241100x8000000000000000138769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:42.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61e3220c1e71b9e32021-12-17 11:40:42.061root 11241100x8000000000000000138770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:42.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e5eea3a3e904f502021-12-17 11:40:42.062root 11241100x8000000000000000138771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:42.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c507e4ba76258992021-12-17 11:40:42.062root 11241100x8000000000000000138772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:42.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a8d7eb114800e702021-12-17 11:40:42.062root 11241100x8000000000000000138773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:42.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.731ae735751e59482021-12-17 11:40:42.062root 11241100x8000000000000000138774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:42.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.730067d43dbc43cb2021-12-17 11:40:42.062root 11241100x8000000000000000138775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:42.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6df85c25f1d442aa2021-12-17 11:40:42.062root 11241100x8000000000000000138776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:42.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72bbf8e6634cc7062021-12-17 11:40:42.558root 11241100x8000000000000000138777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:42.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfac520d12f5b5202021-12-17 11:40:42.558root 11241100x8000000000000000138778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:42.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68658408cafbdad82021-12-17 11:40:42.558root 11241100x8000000000000000138779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:42.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d8a8974ae8221c52021-12-17 11:40:42.558root 11241100x8000000000000000138780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:42.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8330b1d263a025d2021-12-17 11:40:42.558root 11241100x8000000000000000138781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:42.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b0b5fc302f746612021-12-17 11:40:42.558root 11241100x8000000000000000138782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:42.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaaf34697c9d65562021-12-17 11:40:42.558root 11241100x8000000000000000138783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:42.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e12d900481ea15742021-12-17 11:40:42.558root 11241100x8000000000000000138784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:42.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9035df2747f002052021-12-17 11:40:42.558root 11241100x8000000000000000138785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:42.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4381df60051170fa2021-12-17 11:40:42.558root 11241100x8000000000000000138786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:42.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adda3435c01793ee2021-12-17 11:40:42.559root 11241100x8000000000000000138787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:42.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11e7e9822092884e2021-12-17 11:40:42.559root 11241100x8000000000000000138788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:42.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f98734990f0aa1d72021-12-17 11:40:42.559root 11241100x8000000000000000138789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:42.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0f5c9955e0c070d2021-12-17 11:40:42.559root 11241100x8000000000000000138790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:42.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c258d02c0af056b62021-12-17 11:40:42.559root 11241100x8000000000000000138791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:42.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eb7ddb4290f93ff2021-12-17 11:40:42.559root 11241100x8000000000000000138792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:42.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ba3b1b174a3dd372021-12-17 11:40:42.559root 11241100x8000000000000000138793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:42.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c5adbc287100bd42021-12-17 11:40:42.559root 11241100x8000000000000000138794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:42.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ed3d0fcf2016c022021-12-17 11:40:42.559root 11241100x8000000000000000138795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:42.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d502e679579825cc2021-12-17 11:40:42.559root 11241100x8000000000000000138796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:42.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a99d85f6cae4ab032021-12-17 11:40:42.559root 11241100x8000000000000000138797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:42.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64564561aa179b7d2021-12-17 11:40:42.559root 11241100x8000000000000000138798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:42.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34898516521af2342021-12-17 11:40:42.559root 11241100x8000000000000000138799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:42.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bac6704e38c641f2021-12-17 11:40:42.559root 11241100x8000000000000000138800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:42.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d30d24b701201ce2021-12-17 11:40:42.560root 11241100x8000000000000000138801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:42.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16384be597bed46a2021-12-17 11:40:42.560root 11241100x8000000000000000138802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:42.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25bf4811803719ab2021-12-17 11:40:42.560root 11241100x8000000000000000138803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:42.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19848c58cba19cec2021-12-17 11:40:42.560root 11241100x8000000000000000138804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:42.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdc86a8accf397c92021-12-17 11:40:42.560root 11241100x8000000000000000138805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:42.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4146a7712cca9f182021-12-17 11:40:42.560root 11241100x8000000000000000138806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:42.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03de2a9649736dba2021-12-17 11:40:42.560root 11241100x8000000000000000138807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:42.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.590e06226426a3dd2021-12-17 11:40:42.560root 11241100x8000000000000000138808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:42.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.682be81558451f802021-12-17 11:40:42.560root 11241100x8000000000000000138809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:42.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d41364bd93eca902021-12-17 11:40:42.560root 11241100x8000000000000000138810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:42.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1502af66cd1d4e82021-12-17 11:40:42.560root 11241100x8000000000000000138811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:42.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a5a854303f53a9d2021-12-17 11:40:42.560root 11241100x8000000000000000138812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:42.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02a5f09ad269828f2021-12-17 11:40:42.560root 11241100x8000000000000000138813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:42.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e042a8394f278c5d2021-12-17 11:40:42.560root 11241100x8000000000000000138814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:42.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.901b3ef7320fa4d12021-12-17 11:40:42.560root 11241100x8000000000000000138815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:42.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b13ac312aee8c0a72021-12-17 11:40:42.560root 11241100x8000000000000000138816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:42.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0a40f8c15d87c582021-12-17 11:40:42.561root 11241100x8000000000000000138817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:43.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03c418c0e452c60c2021-12-17 11:40:43.058root 11241100x8000000000000000138818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:43.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ae1a6e28ee2a2f12021-12-17 11:40:43.058root 11241100x8000000000000000138819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:43.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f2f1dc6cdab56652021-12-17 11:40:43.058root 11241100x8000000000000000138820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:43.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e23c4c7a04fea2582021-12-17 11:40:43.058root 11241100x8000000000000000138821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:43.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d929487d22894212021-12-17 11:40:43.058root 11241100x8000000000000000138822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:43.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3195436dc38d6d892021-12-17 11:40:43.058root 11241100x8000000000000000138823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:43.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d589743efbbeefd2021-12-17 11:40:43.059root 11241100x8000000000000000138824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:43.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fda3a12ec38fcfdb2021-12-17 11:40:43.059root 11241100x8000000000000000138825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:43.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6d3e0c5e90893dc2021-12-17 11:40:43.059root 11241100x8000000000000000138826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:43.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa33f135f909dd9f2021-12-17 11:40:43.059root 11241100x8000000000000000138827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:43.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.126790926d194aa02021-12-17 11:40:43.059root 11241100x8000000000000000138828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:43.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3330aead642f4ebc2021-12-17 11:40:43.059root 11241100x8000000000000000138829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:43.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f2dfed8b183f4672021-12-17 11:40:43.059root 11241100x8000000000000000138830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:43.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b48ffd05cf872e972021-12-17 11:40:43.059root 11241100x8000000000000000138831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:43.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94c5ca94d4801aad2021-12-17 11:40:43.059root 11241100x8000000000000000138832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:43.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92888857d89186db2021-12-17 11:40:43.059root 11241100x8000000000000000138833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:43.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe8c17aec08a4d522021-12-17 11:40:43.059root 11241100x8000000000000000138834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:43.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8e54b84422621912021-12-17 11:40:43.059root 11241100x8000000000000000138835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:43.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ff50fd2033d270f2021-12-17 11:40:43.060root 11241100x8000000000000000138836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:43.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe04fd6890e573c32021-12-17 11:40:43.060root 11241100x8000000000000000138837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:43.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c9b753baa3b17552021-12-17 11:40:43.060root 11241100x8000000000000000138838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:43.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baba85532b5c2c8e2021-12-17 11:40:43.060root 11241100x8000000000000000138839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:43.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e23daaa17bea37922021-12-17 11:40:43.060root 11241100x8000000000000000138840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:43.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.489db55fe8c50ea12021-12-17 11:40:43.060root 11241100x8000000000000000138841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:43.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0c6790aaa25f9dc2021-12-17 11:40:43.060root 11241100x8000000000000000138842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:43.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.326b1dabf13a31b62021-12-17 11:40:43.060root 11241100x8000000000000000138843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:43.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1625abbffd7f09ed2021-12-17 11:40:43.060root 11241100x8000000000000000138844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:43.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.093ac5e3100539e62021-12-17 11:40:43.060root 11241100x8000000000000000138845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:43.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7504351af7e96ba12021-12-17 11:40:43.062root 11241100x8000000000000000138846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:43.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13ad8c5a5094448a2021-12-17 11:40:43.062root 11241100x8000000000000000138847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:43.064{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55b43ebf67ba97b72021-12-17 11:40:43.064root 11241100x8000000000000000138848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:43.064{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32392fa4b6161fda2021-12-17 11:40:43.064root 11241100x8000000000000000138849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:43.064{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6719943d49be25cb2021-12-17 11:40:43.064root 11241100x8000000000000000138850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:43.064{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a66c29af8d851db2021-12-17 11:40:43.064root 11241100x8000000000000000138851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:43.064{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1794bfa1640f6ecd2021-12-17 11:40:43.064root 11241100x8000000000000000138852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:43.064{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ad6f2ca3f3f12f72021-12-17 11:40:43.064root 11241100x8000000000000000138853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:43.064{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a7320b70aba97bc2021-12-17 11:40:43.064root 11241100x8000000000000000138854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:43.066{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eb89bc715d573ae2021-12-17 11:40:43.066root 11241100x8000000000000000138855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:43.066{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1edc8c8496ca9d12021-12-17 11:40:43.066root 11241100x8000000000000000138856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:43.066{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6953fd53c621db92021-12-17 11:40:43.066root 11241100x8000000000000000138857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:43.066{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6916a758232942372021-12-17 11:40:43.066root 11241100x8000000000000000138858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:43.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e146eff51968e9d42021-12-17 11:40:43.558root 11241100x8000000000000000138859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:43.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9db67b881365049d2021-12-17 11:40:43.558root 11241100x8000000000000000138860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:43.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d77c1812fd243212021-12-17 11:40:43.558root 11241100x8000000000000000138861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:43.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee17be22466913d62021-12-17 11:40:43.558root 11241100x8000000000000000138862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:43.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05181bbefbe1e2142021-12-17 11:40:43.558root 11241100x8000000000000000138863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:43.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2c802b1f9080ceb2021-12-17 11:40:43.558root 11241100x8000000000000000138864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:43.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e49f2735ab0d33c2021-12-17 11:40:43.558root 11241100x8000000000000000138865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:43.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e8303fe756fa0c32021-12-17 11:40:43.558root 11241100x8000000000000000138866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:43.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab0360b25f3c2e192021-12-17 11:40:43.558root 11241100x8000000000000000138867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:43.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9766930e687edc4a2021-12-17 11:40:43.559root 11241100x8000000000000000138868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:43.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfece8d5ba1bc5e12021-12-17 11:40:43.559root 11241100x8000000000000000138869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:43.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c89bd4b841426c32021-12-17 11:40:43.559root 11241100x8000000000000000138870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:43.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0341e67353ef3c42021-12-17 11:40:43.559root 11241100x8000000000000000138871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:43.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65b757c06f7c3ad52021-12-17 11:40:43.559root 11241100x8000000000000000138872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:43.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f20924a1f0baf4c2021-12-17 11:40:43.560root 11241100x8000000000000000138873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:43.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f970e8bbc9b4d4b92021-12-17 11:40:43.560root 11241100x8000000000000000138874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:43.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebde49d63ae3fa242021-12-17 11:40:43.560root 11241100x8000000000000000138875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:43.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f6c054d3d93043d2021-12-17 11:40:43.560root 11241100x8000000000000000138876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:43.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5342135c2afd26b92021-12-17 11:40:43.560root 11241100x8000000000000000138877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:43.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59fb39e8ad0584062021-12-17 11:40:43.560root 11241100x8000000000000000138878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:43.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3580f53ec46a123c2021-12-17 11:40:43.560root 11241100x8000000000000000138879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:43.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.938cd9f7d097c9542021-12-17 11:40:43.560root 11241100x8000000000000000138880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:43.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d4749ed778637b32021-12-17 11:40:43.560root 11241100x8000000000000000138881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:43.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fefe7ae80ac871782021-12-17 11:40:43.560root 11241100x8000000000000000138882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:43.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9858f2867e72aaa12021-12-17 11:40:43.560root 11241100x8000000000000000138883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:43.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9367222004efd5e52021-12-17 11:40:43.560root 11241100x8000000000000000138884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:43.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bea2f67205487c452021-12-17 11:40:43.561root 11241100x8000000000000000138885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:43.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99f56238480941d02021-12-17 11:40:43.561root 11241100x8000000000000000138886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:43.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aff4d03fbd4a34e12021-12-17 11:40:43.561root 11241100x8000000000000000138887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:43.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78447eafb18213092021-12-17 11:40:43.561root 11241100x8000000000000000138888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:43.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5935b49440de19342021-12-17 11:40:43.561root 11241100x8000000000000000138889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:43.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e54b7e10c263f3b2021-12-17 11:40:43.561root 11241100x8000000000000000138890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:43.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4faeebd8f1f1c8842021-12-17 11:40:43.561root 11241100x8000000000000000138891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:43.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02896b2fcf452d0e2021-12-17 11:40:43.561root 11241100x8000000000000000138892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:43.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fda94f9481bcf1442021-12-17 11:40:43.561root 11241100x8000000000000000138893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:43.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.187174095194ea822021-12-17 11:40:43.562root 11241100x8000000000000000138894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:43.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b461ea0fb628e512021-12-17 11:40:43.562root 11241100x8000000000000000138895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:43.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3d9a9c6c69ff9972021-12-17 11:40:43.562root 11241100x8000000000000000138896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:43.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eb7338dc236ae722021-12-17 11:40:43.562root 11241100x8000000000000000138897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:43.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a97e39efa9f111e42021-12-17 11:40:43.562root 11241100x8000000000000000138898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:43.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.656fd9f3362a24ee2021-12-17 11:40:43.562root 11241100x8000000000000000138899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f2d0586b1c159d82021-12-17 11:40:44.060root 11241100x8000000000000000138900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf94a304893092e02021-12-17 11:40:44.060root 11241100x8000000000000000138901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b82546d6c7b28e8d2021-12-17 11:40:44.060root 11241100x8000000000000000138902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a892ac247a619b742021-12-17 11:40:44.060root 11241100x8000000000000000138903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28b3dd6f2531d57e2021-12-17 11:40:44.060root 11241100x8000000000000000138904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fb920e2666ec64d2021-12-17 11:40:44.060root 11241100x8000000000000000138905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31fb2fff98ae96322021-12-17 11:40:44.060root 11241100x8000000000000000138906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe8bcc3ad1ccb8052021-12-17 11:40:44.061root 11241100x8000000000000000138907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76baa440e4a98c202021-12-17 11:40:44.061root 11241100x8000000000000000138908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f73db2ca4c0a87c2021-12-17 11:40:44.061root 11241100x8000000000000000138909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f94ee075c5fa8c0b2021-12-17 11:40:44.061root 11241100x8000000000000000138910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.882e39124e23536c2021-12-17 11:40:44.061root 11241100x8000000000000000138911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dca7f44b30b6277b2021-12-17 11:40:44.061root 11241100x8000000000000000138912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17ab1f7783ade96c2021-12-17 11:40:44.061root 11241100x8000000000000000138913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4050be5fcea860202021-12-17 11:40:44.061root 11241100x8000000000000000138914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3da71432209101b2021-12-17 11:40:44.061root 11241100x8000000000000000138915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0d8f43b4c8928d62021-12-17 11:40:44.061root 11241100x8000000000000000138916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc275197508b9f4d2021-12-17 11:40:44.061root 11241100x8000000000000000138917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12ac2c4ef5896ec52021-12-17 11:40:44.062root 11241100x8000000000000000138918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5e430c96654a50a2021-12-17 11:40:44.062root 11241100x8000000000000000138919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bec1e40d734c1112021-12-17 11:40:44.062root 11241100x8000000000000000138920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68cb20ff878a957a2021-12-17 11:40:44.062root 11241100x8000000000000000138921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.420455c622b393be2021-12-17 11:40:44.062root 11241100x8000000000000000138922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.005b178d003ae3de2021-12-17 11:40:44.062root 11241100x8000000000000000138923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4151073ee929f382021-12-17 11:40:44.062root 11241100x8000000000000000138924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54ad70f976047c712021-12-17 11:40:44.062root 11241100x8000000000000000138925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52026242fbf4cb662021-12-17 11:40:44.062root 11241100x8000000000000000138926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.398ac965b59ea5ff2021-12-17 11:40:44.062root 11241100x8000000000000000138927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.063{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.639d834bae8bfb102021-12-17 11:40:44.063root 11241100x8000000000000000138928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.063{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d74cda2e0dbb3912021-12-17 11:40:44.063root 11241100x8000000000000000138929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.063{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.668789847fda0fc92021-12-17 11:40:44.063root 11241100x8000000000000000138930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.063{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fc39ae2ee5b71022021-12-17 11:40:44.063root 11241100x8000000000000000138931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.063{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f9ad1548c8492302021-12-17 11:40:44.063root 11241100x8000000000000000138932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.063{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73e5e018a04806bc2021-12-17 11:40:44.063root 11241100x8000000000000000138933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.063{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a6497d4be7bbd202021-12-17 11:40:44.063root 11241100x8000000000000000138934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.063{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e1f7860f515c9952021-12-17 11:40:44.063root 11241100x8000000000000000138935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.063{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f82e8b20c245a9c2021-12-17 11:40:44.063root 11241100x8000000000000000138936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.063{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6b591ff36d304152021-12-17 11:40:44.063root 11241100x8000000000000000138937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.064{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ef7dac7be0fde992021-12-17 11:40:44.064root 11241100x8000000000000000138938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.064{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.032a4279b053e41a2021-12-17 11:40:44.064root 11241100x8000000000000000138939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.064{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48db98ae76263bd52021-12-17 11:40:44.064root 11241100x8000000000000000138940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f93c41d6790dc87d2021-12-17 11:40:44.557root 11241100x8000000000000000138941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed30e007aaaf6c812021-12-17 11:40:44.557root 11241100x8000000000000000138942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a549e3827b22dc4c2021-12-17 11:40:44.557root 11241100x8000000000000000138943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d126adb6ce976e32021-12-17 11:40:44.557root 11241100x8000000000000000138944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6a4246fc4968e8b2021-12-17 11:40:44.557root 11241100x8000000000000000138945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8989ac7640182cd52021-12-17 11:40:44.557root 11241100x8000000000000000138946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70924a0332ef71de2021-12-17 11:40:44.557root 11241100x8000000000000000138947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b14bbabe2292a282021-12-17 11:40:44.558root 11241100x8000000000000000138948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.271eae1984125a802021-12-17 11:40:44.558root 11241100x8000000000000000138949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5b50084ab3e552b2021-12-17 11:40:44.558root 11241100x8000000000000000138950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e55c2b4c886f40642021-12-17 11:40:44.558root 11241100x8000000000000000138951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41a031a81306990c2021-12-17 11:40:44.558root 11241100x8000000000000000138952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4b5d8488f3a614a2021-12-17 11:40:44.558root 11241100x8000000000000000138953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63a198475577bb2b2021-12-17 11:40:44.558root 11241100x8000000000000000138954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ff62f894a0ebfa32021-12-17 11:40:44.558root 11241100x8000000000000000138955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fa51f97297bbaf12021-12-17 11:40:44.558root 11241100x8000000000000000138956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3ec6df23fe5f6e02021-12-17 11:40:44.558root 11241100x8000000000000000138957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9dbcf3cff602af22021-12-17 11:40:44.558root 11241100x8000000000000000138958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23ca7800c882da852021-12-17 11:40:44.559root 11241100x8000000000000000138959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ed2d7458437fdd12021-12-17 11:40:44.559root 11241100x8000000000000000138960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b57d61301e2efff02021-12-17 11:40:44.559root 11241100x8000000000000000138961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31bb37c1bbf3ce772021-12-17 11:40:44.559root 11241100x8000000000000000138962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.372652fba4fffe8e2021-12-17 11:40:44.559root 11241100x8000000000000000138963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c8d41d8b4dc03632021-12-17 11:40:44.559root 11241100x8000000000000000138964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a488374f2994f2782021-12-17 11:40:44.559root 11241100x8000000000000000138965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1df8602d142c1c02021-12-17 11:40:44.559root 11241100x8000000000000000138966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b457fef81674d7b2021-12-17 11:40:44.559root 11241100x8000000000000000138967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a75514828334d2e22021-12-17 11:40:44.559root 11241100x8000000000000000138968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66e0d55dee7cf1d42021-12-17 11:40:44.560root 11241100x8000000000000000138969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fbb713435f19ab12021-12-17 11:40:44.560root 11241100x8000000000000000138970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.457502b65a4083a92021-12-17 11:40:44.560root 11241100x8000000000000000138971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b2305ed14baa8832021-12-17 11:40:44.560root 11241100x8000000000000000138972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7758c3258e27311e2021-12-17 11:40:44.560root 11241100x8000000000000000138973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.180eafc63dca8bcc2021-12-17 11:40:44.560root 11241100x8000000000000000138974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c58f1233dbf12f42021-12-17 11:40:44.560root 11241100x8000000000000000138975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76eca5407a9e088f2021-12-17 11:40:44.560root 11241100x8000000000000000138976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcd81a6e73f3b19d2021-12-17 11:40:44.560root 11241100x8000000000000000138977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6554e1df7efbe4c2021-12-17 11:40:44.560root 11241100x8000000000000000138978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83b274f7c1175e3d2021-12-17 11:40:44.560root 11241100x8000000000000000138979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff9e28f48da5dd4a2021-12-17 11:40:44.561root 11241100x8000000000000000138980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.539d7ef0d87ab1ff2021-12-17 11:40:44.561root 11241100x8000000000000000138981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf551ca2ebaccfc22021-12-17 11:40:44.561root 11241100x8000000000000000138982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e868430272a261e2021-12-17 11:40:44.561root 11241100x8000000000000000138983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abf41d71d9e75f012021-12-17 11:40:44.561root 11241100x8000000000000000138984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c85f637f29c29bdd2021-12-17 11:40:44.561root 11241100x8000000000000000138985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc0f40f9bd71e0ac2021-12-17 11:40:44.561root 11241100x8000000000000000138986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad3477e5c096c4942021-12-17 11:40:44.561root 11241100x8000000000000000138987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ae24de4a471e95a2021-12-17 11:40:44.561root 11241100x8000000000000000138988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79dab493f08081f62021-12-17 11:40:44.561root 11241100x8000000000000000138989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5db08640be0897e2021-12-17 11:40:44.562root 11241100x8000000000000000138990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.915890a2846e71512021-12-17 11:40:44.562root 11241100x8000000000000000138991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99e6277ea9f9d7082021-12-17 11:40:44.562root 11241100x8000000000000000138992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fac2f78d788d848e2021-12-17 11:40:44.562root 11241100x8000000000000000138993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38cc56dc421a8c252021-12-17 11:40:44.562root 11241100x8000000000000000138994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d25c817ab02b3a72021-12-17 11:40:44.562root 11241100x8000000000000000138995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ce1446c335ec4232021-12-17 11:40:44.562root 11241100x8000000000000000138996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d702078121dfe56a2021-12-17 11:40:44.562root 11241100x8000000000000000138997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef285bc9e31240c72021-12-17 11:40:44.562root 11241100x8000000000000000138998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.563{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b9284e9f0e844f12021-12-17 11:40:44.563root 11241100x8000000000000000138999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.563{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f32f87e213ebb802021-12-17 11:40:44.563root 11241100x8000000000000000139000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.563{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2ebd6d34cdcb7b32021-12-17 11:40:44.563root 11241100x8000000000000000139001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.563{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.786ad0cf94f56fa02021-12-17 11:40:44.563root 11241100x8000000000000000139002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.563{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.114a1a059334eabd2021-12-17 11:40:44.563root 11241100x8000000000000000139003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.563{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddb1a60d957193ec2021-12-17 11:40:44.563root 11241100x8000000000000000139004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.563{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f153879b642f7742021-12-17 11:40:44.563root 11241100x8000000000000000139005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.563{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48709e488777d7132021-12-17 11:40:44.563root 11241100x8000000000000000139006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.563{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d3d3aca1732cdf72021-12-17 11:40:44.563root 154100x8000000000000000139007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.980{ec28ba6a-773c-61bc-086e-11e713560000}9418/usr/bin/sudo-----sudo ./runc_cron/tmp/evil_workubuntu{ec28ba6a-70c8-61bc-e803-000000000000}10004no level-{ec28ba6a-70c8-61bc-0864-f69184550000}5342/bin/bash-bashubuntu 11241100x8000000000000000139008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.981{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b19ed57c8eb74a202021-12-17 11:40:44.981root 11241100x8000000000000000139009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.982{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.697b835dc1ec65f22021-12-17 11:40:44.982root 11241100x8000000000000000139010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.982{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c62f40c9f59b561b2021-12-17 11:40:44.982root 11241100x8000000000000000139011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.982{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.789ea3d9a46e1f782021-12-17 11:40:44.982root 11241100x8000000000000000139012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.982{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22d8cc6185446c482021-12-17 11:40:44.982root 11241100x8000000000000000139013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.982{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2aedc6a2daa3b082021-12-17 11:40:44.982root 11241100x8000000000000000139014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.982{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b83f6c8e0fec530c2021-12-17 11:40:44.982root 11241100x8000000000000000139015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.983{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e905caf7d0901ea2021-12-17 11:40:44.983root 11241100x8000000000000000139016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.983{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fe6da5452b4b9a42021-12-17 11:40:44.983root 11241100x8000000000000000139017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.983{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac45a0155f8baf572021-12-17 11:40:44.983root 11241100x8000000000000000139018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.983{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fa1e5efe230e02c2021-12-17 11:40:44.983root 11241100x8000000000000000139019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.983{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f480d99c65a14a12021-12-17 11:40:44.983root 11241100x8000000000000000139020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.983{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c84f859970a0be32021-12-17 11:40:44.983root 11241100x8000000000000000139021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.983{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e853f2b7c6b31e92021-12-17 11:40:44.983root 11241100x8000000000000000139022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.984{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.852ba9b1cba6fe292021-12-17 11:40:44.984root 11241100x8000000000000000139023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.984{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11738db09a6193a92021-12-17 11:40:44.984root 11241100x8000000000000000139024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.984{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.147a3e75b2c712d42021-12-17 11:40:44.984root 354300x8000000000000000139025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.984{ec28ba6a-773c-61bc-086e-11e713560000}9418/usr/bin/sudoubuntuudptruefalse127.0.0.1-48460-false127.0.0.53-53- 11241100x8000000000000000139026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.984{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b6f22ab6e5ec25e2021-12-17 11:40:44.984root 11241100x8000000000000000139027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.984{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b41550b1986487f32021-12-17 11:40:44.984root 11241100x8000000000000000139028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.984{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcf723e7b99c2c682021-12-17 11:40:44.984root 11241100x8000000000000000139029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.984{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d3c8de60a0821df2021-12-17 11:40:44.984root 11241100x8000000000000000139030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.985{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb7c2ace099092d92021-12-17 11:40:44.985root 354300x8000000000000000139031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.986{ec28ba6a-6d68-61bc-c067-fb0d4e560000}2524/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.25-33187-false10.0.0.2-53- 354300x8000000000000000139032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.986{ec28ba6a-6d68-61bc-c067-fb0d4e560000}2524/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.25-41582-false10.0.0.2-53- 11241100x8000000000000000139033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.985{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.524a8491f5ef66d62021-12-17 11:40:44.985root 11241100x8000000000000000139034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.986{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93652efa79f5e23a2021-12-17 11:40:44.986root 11241100x8000000000000000139035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.986{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.621982088a7419e52021-12-17 11:40:44.986root 11241100x8000000000000000139036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.986{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aca4b523d850c50a2021-12-17 11:40:44.986root 11241100x8000000000000000139037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.986{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.524d49af8d6f65302021-12-17 11:40:44.986root 354300x8000000000000000139038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.986{ec28ba6a-6d68-61bc-c067-fb0d4e560000}2524/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-48460- 354300x8000000000000000139039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.986{ec28ba6a-773c-61bc-086e-11e713560000}9418/usr/bin/sudoubuntuudpfalsefalse127.0.0.53-53-false127.0.0.1-52362- 354300x8000000000000000139040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.987{ec28ba6a-773c-61bc-086e-11e713560000}9418/usr/bin/sudoubuntuudptruefalse127.0.0.1-52362-false127.0.0.53-53- 11241100x8000000000000000139041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.987{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9775294679961d6f2021-12-17 11:40:44.987root 11241100x8000000000000000139042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.987{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b70827df3d932f62021-12-17 11:40:44.987root 11241100x8000000000000000139043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.987{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a74e02214b6217f2021-12-17 11:40:44.987root 11241100x8000000000000000139044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.987{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a897636543404302021-12-17 11:40:44.987root 11241100x8000000000000000139045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.987{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcdb694785121e402021-12-17 11:40:44.987root 11241100x8000000000000000139046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.987{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8169026fa82ed8d92021-12-17 11:40:44.987root 11241100x8000000000000000139047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.987{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.773e08172c3c80b02021-12-17 11:40:44.987root 11241100x8000000000000000139048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.987{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.122f5512d642feb02021-12-17 11:40:44.987root 11241100x8000000000000000139049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.987{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.860662708d478bbd2021-12-17 11:40:44.987root 11241100x8000000000000000139050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.987{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db543b6997d596542021-12-17 11:40:44.987root 11241100x8000000000000000139051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.987{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc8651e623f377f42021-12-17 11:40:44.987root 11241100x8000000000000000139052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.988{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b69ef0a2e19a4c92021-12-17 11:40:44.988root 11241100x8000000000000000139053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.988{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe67bb477420e1f82021-12-17 11:40:44.988root 11241100x8000000000000000139054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.988{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e649e528dbfb356c2021-12-17 11:40:44.988root 11241100x8000000000000000139055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.988{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1f4a222537a55702021-12-17 11:40:44.988root 11241100x8000000000000000139056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.988{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5643811436d5aaaf2021-12-17 11:40:44.988root 11241100x8000000000000000139057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.988{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfdb0f33350399112021-12-17 11:40:44.988root 11241100x8000000000000000139058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.988{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7240f708ccfcd7552021-12-17 11:40:44.988root 11241100x8000000000000000139059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.989{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aca19d7054b434522021-12-17 11:40:44.989root 11241100x8000000000000000139060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.989{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89de958a4fa344ba2021-12-17 11:40:44.989root 354300x8000000000000000139061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.989{ec28ba6a-6d68-61bc-c067-fb0d4e560000}2524/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-52362- 154100x8000000000000000139062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.995{ec28ba6a-773c-61bc-584c-0d491c560000}9419/tmp/evil_work/runc_cron-----./runc_cron/tmp/evil_workroot{ec28ba6a-0000-0000-0000-000000000000}04no level-{ec28ba6a-773c-61bc-086e-11e713560000}9418/usr/bin/sudosudoubuntu 534500x8000000000000000139063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.996{ec28ba6a-773c-61bc-584c-0d491c560000}9419/tmp/evil_work/runc_cronroot 154100x8000000000000000139064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.996{ec28ba6a-773c-61bc-6882-72f1eb550000}9421/bin/dash-----sh -c #/bin/bash echo "~/evil_cron.sh" >> /etc/init.d/logrotate echo "~/evil_cron.sh" >> /etc/init.d/logrotate echo "~/evil_cron.sh" >> /etc/crontab/logrotate echo "~/evil_cron.sh" >> /etc/cron.allow/logrotate echo "~/evil_cron.sh" >> /etc/cron.d/logrotate echo "~/evil_cron.sh" >> /etc/cron.deny/logrotate echo "~/evil_cron.sh" >> /etc/cron.daily/logrotate echo "~/evil_cron.sh" >> /etc/cron.hourly/logrotate echo "~/evil_cron.sh" >> /etc/cron.monthly/logrotate echo "~/evil_cron.sh" >> /etc/cron.weekly/logrotate echo "~/evil_cron.sh" >> /etc/anacrontab/logrotate echo "~/evil_cron.sh" >> /var/spool/cron/logrotate echo "~/evil_cron.sh" >> /var/spool/cron/crontabs/logrotate echo "~/evil_cron.sh" >> /etc/at.allow/logrotate echo "~/evil_cron.sh" >> /etc/at.deny/logrotate echo "echo 'Hello from Atomic Red Team' > /tmp/atomic.log"> /etc/cron.hourly/persistevil echo "echo 'Hello from Atomic Red Team' > /tmp/atomic.log"> /etc/cron.weekly/persistevil /tmp/evil_workroot{ec28ba6a-0000-0000-0000-000000000000}04no level-{00000000-0000-0000-0000-000000000000}9420--- 11241100x8000000000000000139065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.997{ec28ba6a-773c-61bc-6882-72f1eb550000}9421/bin/dash/etc/init.d/logrotate2021-12-17 11:40:44.997root 11241100x8000000000000000139066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.997{ec28ba6a-773c-61bc-6882-72f1eb550000}9421/bin/dash/etc/init.d/logrotate2021-12-17 11:40:44.997root 11241100x8000000000000000139067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.997{ec28ba6a-773c-61bc-6882-72f1eb550000}9421/bin/dash/etc/cron.d/logrotate2021-12-17 11:40:44.997root 11241100x8000000000000000139068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.997{ec28ba6a-773c-61bc-6882-72f1eb550000}9421/bin/dash/etc/cron.hourly/logrotate2021-12-17 11:40:44.997root 11241100x8000000000000000139069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.997{ec28ba6a-773c-61bc-6882-72f1eb550000}9421/bin/dash/etc/cron.monthly/logrotate2021-12-17 11:40:44.997root 11241100x8000000000000000139070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.997{ec28ba6a-773c-61bc-6882-72f1eb550000}9421/bin/dash/etc/cron.weekly/logrotate2021-12-17 11:40:44.997root 11241100x8000000000000000139071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.997{ec28ba6a-773c-61bc-6882-72f1eb550000}9421/bin/dash/var/spool/cron/logrotate2021-12-17 11:40:44.997root 11241100x8000000000000000139072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.997{ec28ba6a-773c-61bc-6882-72f1eb550000}9421/bin/dash/var/spool/cron/crontabs/logrotate2021-12-17 11:40:44.997root 11241100x8000000000000000139073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.997{ec28ba6a-773c-61bc-6882-72f1eb550000}9421/bin/dash/etc/cron.hourly/persistevil2021-12-17 11:40:44.997root 11241100x8000000000000000139074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.997{ec28ba6a-773c-61bc-6882-72f1eb550000}9421/bin/dash/etc/cron.weekly/persistevil2021-12-17 11:40:44.997root 534500x8000000000000000139075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.997{ec28ba6a-773c-61bc-6882-72f1eb550000}9421/bin/dashroot 534500x8000000000000000139076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.998{ec28ba6a-773c-61bc-086e-11e713560000}9418/usr/bin/sudoroot 534500x8000000000000000139077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:44.998{ec28ba6a-773c-61bc-0000-000000000000}9420-root 11241100x8000000000000000139078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.306{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.959e9757e8880f402021-12-17 11:40:45.306root 11241100x8000000000000000139079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.306{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa7fec80cd26b83c2021-12-17 11:40:45.306root 11241100x8000000000000000139080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.307{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4e0578c759400b22021-12-17 11:40:45.307root 11241100x8000000000000000139081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.307{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e2ff8953132ffd32021-12-17 11:40:45.307root 11241100x8000000000000000139082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.307{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8174a73b1b56f35e2021-12-17 11:40:45.307root 11241100x8000000000000000139083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.831b7884146d6ca02021-12-17 11:40:45.308root 11241100x8000000000000000139084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.588828f8072b33fc2021-12-17 11:40:45.308root 11241100x8000000000000000139085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e5bc77b554ed7732021-12-17 11:40:45.308root 11241100x8000000000000000139086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eef528024360e272021-12-17 11:40:45.308root 11241100x8000000000000000139087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf349a4ab9bae4892021-12-17 11:40:45.308root 11241100x8000000000000000139088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.309{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2cba0b6066ec1612021-12-17 11:40:45.309root 11241100x8000000000000000139089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.309{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12e1567db3e0a0392021-12-17 11:40:45.309root 11241100x8000000000000000139090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.310{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a78e3c82d7da4652021-12-17 11:40:45.310root 11241100x8000000000000000139091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.310{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82ec5cfd073218112021-12-17 11:40:45.310root 11241100x8000000000000000139092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.310{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b03e152574d63922021-12-17 11:40:45.310root 11241100x8000000000000000139093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.311{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43aee77bc0c20b0f2021-12-17 11:40:45.311root 11241100x8000000000000000139094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.311{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21b0ffc1f58950d82021-12-17 11:40:45.311root 11241100x8000000000000000139095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.311{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddbc7ca857ea52692021-12-17 11:40:45.311root 11241100x8000000000000000139096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.312{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e93e5467f29785ff2021-12-17 11:40:45.312root 11241100x8000000000000000139097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.312{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75c3a7c03cbd23b32021-12-17 11:40:45.312root 11241100x8000000000000000139098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.312{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8850a3512bc4223f2021-12-17 11:40:45.312root 11241100x8000000000000000139099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.313{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66d289616cff80fa2021-12-17 11:40:45.313root 11241100x8000000000000000139100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.313{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e1acf12dd063d7a2021-12-17 11:40:45.313root 11241100x8000000000000000139101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.313{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.144e836736a4c9012021-12-17 11:40:45.313root 11241100x8000000000000000139102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.313{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef56cd86a09f7c842021-12-17 11:40:45.313root 11241100x8000000000000000139103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.314{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0c0631893de66c02021-12-17 11:40:45.314root 11241100x8000000000000000139104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.314{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b51335462c50d7e2021-12-17 11:40:45.314root 11241100x8000000000000000139105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.314{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d460dd6e1245997e2021-12-17 11:40:45.314root 11241100x8000000000000000139106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.314{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1279db055c83933c2021-12-17 11:40:45.314root 11241100x8000000000000000139107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.315{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45e7b3d81af370082021-12-17 11:40:45.315root 11241100x8000000000000000139108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.315{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d2697a2b349a2992021-12-17 11:40:45.315root 11241100x8000000000000000139109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.315{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef6e7751a870fffb2021-12-17 11:40:45.315root 11241100x8000000000000000139110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.315{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c151fa3d071de9902021-12-17 11:40:45.315root 11241100x8000000000000000139111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.315{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de62296dcb5be4c92021-12-17 11:40:45.315root 11241100x8000000000000000139112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.316{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb0b7fad00b326f72021-12-17 11:40:45.316root 11241100x8000000000000000139113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.316{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.299ccd986b7860a42021-12-17 11:40:45.316root 11241100x8000000000000000139114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.316{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0453d979fc4c2b402021-12-17 11:40:45.316root 11241100x8000000000000000139115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.316{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c25ad288211ef1b32021-12-17 11:40:45.316root 11241100x8000000000000000139116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.316{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.facacc9edfc26e852021-12-17 11:40:45.316root 11241100x8000000000000000139117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.316{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e7c555e6d1f0d9f2021-12-17 11:40:45.316root 11241100x8000000000000000139118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.316{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.518eed56702b71032021-12-17 11:40:45.316root 11241100x8000000000000000139119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.316{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a931575ac234a5d32021-12-17 11:40:45.316root 11241100x8000000000000000139120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.317{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2ea86a79aecfa0f2021-12-17 11:40:45.317root 11241100x8000000000000000139121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.317{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d09a2b56d319a272021-12-17 11:40:45.317root 11241100x8000000000000000139122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.317{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26f11c8bf24fd9d62021-12-17 11:40:45.317root 11241100x8000000000000000139123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.317{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71dc88f8b254da9d2021-12-17 11:40:45.317root 11241100x8000000000000000139124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.317{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae81a57c8df8afe02021-12-17 11:40:45.317root 11241100x8000000000000000139125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.318{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db107c7064244cc72021-12-17 11:40:45.318root 11241100x8000000000000000139126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.318{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a25cf5e5afbd24222021-12-17 11:40:45.318root 11241100x8000000000000000139127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.318{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4577deffbafb54ef2021-12-17 11:40:45.318root 11241100x8000000000000000139128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.318{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23097c6fdfb52d0a2021-12-17 11:40:45.318root 11241100x8000000000000000139129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.318{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0f366cff0337b4f2021-12-17 11:40:45.318root 11241100x8000000000000000139130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.318{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.054ef4d5a04678bc2021-12-17 11:40:45.318root 11241100x8000000000000000139131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.319{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.857a3c0706d29baa2021-12-17 11:40:45.319root 11241100x8000000000000000139132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.319{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.958c21a4f478b20b2021-12-17 11:40:45.319root 11241100x8000000000000000139133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.319{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82b5352b740fe2812021-12-17 11:40:45.319root 11241100x8000000000000000139134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.319{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d22fc17c456a7832021-12-17 11:40:45.319root 11241100x8000000000000000139135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.319{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f05b8c68ff7a31da2021-12-17 11:40:45.319root 11241100x8000000000000000139136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.319{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f483d752b752b152021-12-17 11:40:45.319root 11241100x8000000000000000139137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.320{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3c321a270a920002021-12-17 11:40:45.320root 11241100x8000000000000000139138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.320{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8800487c3ba7fee82021-12-17 11:40:45.320root 11241100x8000000000000000139139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.320{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfc97878d03e4cde2021-12-17 11:40:45.320root 11241100x8000000000000000139140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.321{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e4613ff9fda8ac92021-12-17 11:40:45.321root 11241100x8000000000000000139141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.321{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5c16d4c8405ff4e2021-12-17 11:40:45.321root 11241100x8000000000000000139142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.321{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deff9b0139ada77d2021-12-17 11:40:45.321root 11241100x8000000000000000139143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.321{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c35d49723d290e182021-12-17 11:40:45.321root 11241100x8000000000000000139144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.321{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.850b1085da646afe2021-12-17 11:40:45.321root 11241100x8000000000000000139145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.322{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b93e87c80a1e2f42021-12-17 11:40:45.322root 11241100x8000000000000000139146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.322{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ebb94164e299b612021-12-17 11:40:45.322root 11241100x8000000000000000139147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.322{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbea67340c50d4062021-12-17 11:40:45.322root 11241100x8000000000000000139148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.322{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55f3bdae4cfa5bd02021-12-17 11:40:45.322root 11241100x8000000000000000139149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.322{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8689141c8cdb8ee2021-12-17 11:40:45.322root 11241100x8000000000000000139150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.323{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f7563a902437ee12021-12-17 11:40:45.323root 11241100x8000000000000000139151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.323{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62faccaa87a256582021-12-17 11:40:45.323root 11241100x8000000000000000139152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.323{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.785c0609c065197e2021-12-17 11:40:45.323root 11241100x8000000000000000139153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.323{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9253076e9f1b10d42021-12-17 11:40:45.323root 11241100x8000000000000000139154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.323{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1dc8ce19856d83b2021-12-17 11:40:45.323root 11241100x8000000000000000139155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.324{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b278f9b1ea85b452021-12-17 11:40:45.324root 11241100x8000000000000000139156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.324{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53f8d53835af0fc82021-12-17 11:40:45.324root 11241100x8000000000000000139157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.324{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0611260b21c09af2021-12-17 11:40:45.324root 11241100x8000000000000000139158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.325{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49bccfa2563137352021-12-17 11:40:45.325root 11241100x8000000000000000139159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.325{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0459a4d1926b269b2021-12-17 11:40:45.325root 11241100x8000000000000000139160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.325{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d18280c9a911091c2021-12-17 11:40:45.325root 11241100x8000000000000000139161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.325{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a97019cef978a8de2021-12-17 11:40:45.325root 11241100x8000000000000000139162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.325{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1679db0d24d0c11e2021-12-17 11:40:45.325root 11241100x8000000000000000139163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.326{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a53ed28d4d211ae2021-12-17 11:40:45.326root 11241100x8000000000000000139164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.326{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfa002a9721540f72021-12-17 11:40:45.326root 11241100x8000000000000000139165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.326{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.782cc516fbba82b42021-12-17 11:40:45.326root 11241100x8000000000000000139166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.326{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ada0261673afc9572021-12-17 11:40:45.326root 11241100x8000000000000000139167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.326{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b9c3b96747c421b2021-12-17 11:40:45.326root 11241100x8000000000000000139168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.327{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cff214f613541cf92021-12-17 11:40:45.327root 11241100x8000000000000000139169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.327{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.767fd16a4b0180e72021-12-17 11:40:45.327root 11241100x8000000000000000139170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.327{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12debc0b4798b87c2021-12-17 11:40:45.327root 11241100x8000000000000000139171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.327{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68e36397b623ae1e2021-12-17 11:40:45.327root 11241100x8000000000000000139172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.327{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42ba0cdada77fcfd2021-12-17 11:40:45.327root 11241100x8000000000000000139173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.327{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db56f71e4d6339492021-12-17 11:40:45.327root 11241100x8000000000000000139174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.327{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04478c1308a2172f2021-12-17 11:40:45.327root 11241100x8000000000000000139175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.328{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd3839fbbc5352022021-12-17 11:40:45.328root 11241100x8000000000000000139176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.328{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.629ec6085979011a2021-12-17 11:40:45.328root 11241100x8000000000000000139177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.328{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51747d763be47eab2021-12-17 11:40:45.328root 11241100x8000000000000000139178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.328{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dca5df9a7385e87a2021-12-17 11:40:45.328root 11241100x8000000000000000139179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.328{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14671dba3265277e2021-12-17 11:40:45.328root 11241100x8000000000000000139180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.328{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8342b7815db0d9762021-12-17 11:40:45.328root 11241100x8000000000000000139181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.329{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aca8e219e9292e4f2021-12-17 11:40:45.329root 11241100x8000000000000000139182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.329{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf3e0ea23c40352c2021-12-17 11:40:45.329root 11241100x8000000000000000139183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.329{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5d1c6b7ffd7d60c2021-12-17 11:40:45.329root 11241100x8000000000000000139184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.329{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7148a6e9672484c92021-12-17 11:40:45.329root 11241100x8000000000000000139185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.329{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddba8402a443085f2021-12-17 11:40:45.329root 11241100x8000000000000000139186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.329{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aefcc9f6c5d28762021-12-17 11:40:45.329root 11241100x8000000000000000139187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.330{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78cc081ed1a55a082021-12-17 11:40:45.330root 11241100x8000000000000000139188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.330{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7389e01786aa54732021-12-17 11:40:45.330root 11241100x8000000000000000139189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.330{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c814b04e0d2fe6622021-12-17 11:40:45.330root 11241100x8000000000000000139190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.330{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.396ada984af6379b2021-12-17 11:40:45.330root 11241100x8000000000000000139191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.330{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8032a1e1a198e6ee2021-12-17 11:40:45.330root 11241100x8000000000000000139192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.330{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69607f5f3be108102021-12-17 11:40:45.330root 11241100x8000000000000000139193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.331{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad352758c11277542021-12-17 11:40:45.331root 11241100x8000000000000000139194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.331{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a98f6d57628568b2021-12-17 11:40:45.331root 11241100x8000000000000000139195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.331{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c50d47ab8a681662021-12-17 11:40:45.331root 11241100x8000000000000000139196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.332{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1594401c8bf3bdb12021-12-17 11:40:45.332root 11241100x8000000000000000139197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.332{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a03fe18c774e8032021-12-17 11:40:45.332root 11241100x8000000000000000139198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.332{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.185c78b7155443652021-12-17 11:40:45.332root 11241100x8000000000000000139199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.332{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f5c50850d7f57182021-12-17 11:40:45.332root 11241100x8000000000000000139200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.332{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e8dc60e1ddd2a6d2021-12-17 11:40:45.332root 11241100x8000000000000000139201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.332{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c8adb988330bf472021-12-17 11:40:45.332root 11241100x8000000000000000139202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.332{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0051f8d64938ab502021-12-17 11:40:45.332root 11241100x8000000000000000139203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.333{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4379c3be375badb52021-12-17 11:40:45.333root 11241100x8000000000000000139204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.333{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.994bf1db140da1682021-12-17 11:40:45.333root 11241100x8000000000000000139205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.333{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d09e84cb192f5872021-12-17 11:40:45.333root 11241100x8000000000000000139206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.333{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fd5e27db6f500dd2021-12-17 11:40:45.333root 11241100x8000000000000000139207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.333{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21cffbbb8a1e89192021-12-17 11:40:45.333root 11241100x8000000000000000139208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.333{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38b7b74347caeaeb2021-12-17 11:40:45.333root 11241100x8000000000000000139209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.334{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b90219272dee56c2021-12-17 11:40:45.334root 11241100x8000000000000000139210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.334{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.732f31e9537eec9a2021-12-17 11:40:45.334root 11241100x8000000000000000139211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.334{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f8f188770a4a0fb2021-12-17 11:40:45.334root 11241100x8000000000000000139212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.334{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0198169051bb28e82021-12-17 11:40:45.334root 11241100x8000000000000000139213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.334{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef01af3d5861fc212021-12-17 11:40:45.334root 11241100x8000000000000000139214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.335{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06b240b4395c60e52021-12-17 11:40:45.335root 11241100x8000000000000000139215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.335{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86a86ebb4d7941c82021-12-17 11:40:45.335root 11241100x8000000000000000139216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.335{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a75e37439c006a0f2021-12-17 11:40:45.335root 11241100x8000000000000000139217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.335{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4a68d3176815c322021-12-17 11:40:45.335root 11241100x8000000000000000139218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.335{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1e34c8d94a41f052021-12-17 11:40:45.335root 11241100x8000000000000000139219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.335{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.009cb510699d40cd2021-12-17 11:40:45.335root 11241100x8000000000000000139220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.335{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ac95b402bb6f24f2021-12-17 11:40:45.335root 11241100x8000000000000000139221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.335{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.805874b89d1bb28d2021-12-17 11:40:45.335root 11241100x8000000000000000139222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.336{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da733eacf71636e92021-12-17 11:40:45.336root 11241100x8000000000000000139223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.336{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.909558aa62fbe7db2021-12-17 11:40:45.336root 11241100x8000000000000000139224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.336{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a77d71c8c9549f8f2021-12-17 11:40:45.336root 11241100x8000000000000000139225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.336{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c270bb5a1b9437b2021-12-17 11:40:45.336root 11241100x8000000000000000139226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.336{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d48ba5e9da85aee82021-12-17 11:40:45.336root 11241100x8000000000000000139227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.336{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f0d00e0012ba8282021-12-17 11:40:45.336root 11241100x8000000000000000139228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.336{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2628e2a9afb1bbe2021-12-17 11:40:45.336root 11241100x8000000000000000139229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.336{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab26fce081caf14b2021-12-17 11:40:45.336root 11241100x8000000000000000139230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.337{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7453352549ef22302021-12-17 11:40:45.337root 11241100x8000000000000000139231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.337{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2f3bcf12e2a8b342021-12-17 11:40:45.337root 11241100x8000000000000000139232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.337{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43aff433191d93e52021-12-17 11:40:45.337root 11241100x8000000000000000139233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.337{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfe3d84bd91080652021-12-17 11:40:45.337root 11241100x8000000000000000139234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.337{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cf17be11e5033ca2021-12-17 11:40:45.337root 11241100x8000000000000000139235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.337{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3766b4d22d06c4c2021-12-17 11:40:45.337root 11241100x8000000000000000139236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.337{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c4e1a27582085c52021-12-17 11:40:45.337root 11241100x8000000000000000139237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.338{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.812409bc72eb5d442021-12-17 11:40:45.338root 11241100x8000000000000000139238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.338{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5ac251d138a7d1a2021-12-17 11:40:45.338root 11241100x8000000000000000139239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.338{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b2fb8fa461a71f72021-12-17 11:40:45.338root 11241100x8000000000000000139240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.338{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86ffa927642535e12021-12-17 11:40:45.338root 11241100x8000000000000000139241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.338{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f8cf51bd149cfa12021-12-17 11:40:45.338root 11241100x8000000000000000139242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.338{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dfa482c9aa034512021-12-17 11:40:45.338root 11241100x8000000000000000139243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.338{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81095f359089cd7f2021-12-17 11:40:45.338root 11241100x8000000000000000139244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.338{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b1f903ffc34106d2021-12-17 11:40:45.338root 11241100x8000000000000000139245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.339{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9a4972203d134c82021-12-17 11:40:45.339root 11241100x8000000000000000139246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.339{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f2ffa1420b2dd172021-12-17 11:40:45.339root 11241100x8000000000000000139247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.339{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8af0b746fa013f92021-12-17 11:40:45.339root 11241100x8000000000000000139248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.339{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a41650f578cab6a2021-12-17 11:40:45.339root 11241100x8000000000000000139249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.339{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.249e886b801655942021-12-17 11:40:45.339root 11241100x8000000000000000139250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.339{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bd3891dfbc9b5b72021-12-17 11:40:45.339root 11241100x8000000000000000139251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.340{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9246b94623d61832021-12-17 11:40:45.340root 11241100x8000000000000000139252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.340{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e85b115fac2f83c2021-12-17 11:40:45.340root 11241100x8000000000000000139253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.340{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.556ef4daa4b0e18d2021-12-17 11:40:45.340root 11241100x8000000000000000139254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.340{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.242150b615b78f102021-12-17 11:40:45.340root 11241100x8000000000000000139255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.340{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.266746014116f51f2021-12-17 11:40:45.340root 11241100x8000000000000000139256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.340{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dfdf21cb32abea52021-12-17 11:40:45.340root 11241100x8000000000000000139257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.340{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fe32b7849c6f3b22021-12-17 11:40:45.340root 11241100x8000000000000000139258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.340{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa3de276efae88642021-12-17 11:40:45.340root 11241100x8000000000000000139259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.340{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b05e78e8f11c95062021-12-17 11:40:45.340root 11241100x8000000000000000139260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.341{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.844983d20085c9bd2021-12-17 11:40:45.341root 11241100x8000000000000000139261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.341{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.684f8966bbf9ff3f2021-12-17 11:40:45.341root 11241100x8000000000000000139262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.341{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74a7e9abd84cba6c2021-12-17 11:40:45.341root 11241100x8000000000000000139263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.341{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cbc3c4da15376112021-12-17 11:40:45.341root 11241100x8000000000000000139264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.341{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c982776e8a7b907b2021-12-17 11:40:45.341root 11241100x8000000000000000139265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.342{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a199a18086df149d2021-12-17 11:40:45.342root 11241100x8000000000000000139266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.342{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8024985d54765bbf2021-12-17 11:40:45.342root 11241100x8000000000000000139267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.342{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c83363e6bd1d7782021-12-17 11:40:45.342root 11241100x8000000000000000139268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.342{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1d70cd97c5f12d92021-12-17 11:40:45.342root 11241100x8000000000000000139269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.342{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57aa937bf08a25632021-12-17 11:40:45.342root 11241100x8000000000000000139270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.342{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb40335e5513e6fb2021-12-17 11:40:45.342root 11241100x8000000000000000139271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.342{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15d5586f504a1d232021-12-17 11:40:45.342root 11241100x8000000000000000139272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.342{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f608fc602935014d2021-12-17 11:40:45.342root 11241100x8000000000000000139273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.342{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c48e1dfcea0baa482021-12-17 11:40:45.342root 11241100x8000000000000000139274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.343{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.841d8ca4ce52eb8f2021-12-17 11:40:45.343root 11241100x8000000000000000139275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.343{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cfd0de4dba358d12021-12-17 11:40:45.343root 11241100x8000000000000000139276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.343{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2d74e1b7d73d5032021-12-17 11:40:45.343root 11241100x8000000000000000139277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.343{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31f6a9fcc7a4e1662021-12-17 11:40:45.343root 11241100x8000000000000000139278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.343{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dcf917674a593ed2021-12-17 11:40:45.343root 11241100x8000000000000000139279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.343{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62bf5b8357a61b682021-12-17 11:40:45.343root 11241100x8000000000000000139280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.343{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd52e854fe0db3a02021-12-17 11:40:45.343root 11241100x8000000000000000139281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.343{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10fbd3ab04b377fd2021-12-17 11:40:45.343root 11241100x8000000000000000139282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.344{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35a2e476807e25662021-12-17 11:40:45.344root 11241100x8000000000000000139283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.344{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8a8cfaa9d909aba2021-12-17 11:40:45.344root 11241100x8000000000000000139284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.344{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce68c1f72e2f60c52021-12-17 11:40:45.344root 11241100x8000000000000000139285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.344{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ad37eb56df63d1f2021-12-17 11:40:45.344root 11241100x8000000000000000139286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.344{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eda0b26276ee35b32021-12-17 11:40:45.344root 11241100x8000000000000000139287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.344{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1afdac19c5a62f232021-12-17 11:40:45.344root 11241100x8000000000000000139288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.344{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be260ade242c105f2021-12-17 11:40:45.344root 11241100x8000000000000000139289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.344{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e0512424a66e4962021-12-17 11:40:45.344root 11241100x8000000000000000139290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.344{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.911bc81e55ee7b822021-12-17 11:40:45.344root 11241100x8000000000000000139291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.344{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb357a190ac066f22021-12-17 11:40:45.344root 11241100x8000000000000000139292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.344{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52e06bf0af0d232c2021-12-17 11:40:45.344root 11241100x8000000000000000139293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.344{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f214cb35f1a43c542021-12-17 11:40:45.344root 11241100x8000000000000000139294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.344{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e351402701c88c842021-12-17 11:40:45.344root 11241100x8000000000000000139295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.345{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baf6aec50c79959c2021-12-17 11:40:45.345root 11241100x8000000000000000139296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.345{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1eb1988c21df8dd2021-12-17 11:40:45.345root 11241100x8000000000000000139297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.345{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea9b2d407c42d4df2021-12-17 11:40:45.345root 11241100x8000000000000000139298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.345{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baec3bcfbf6cf4702021-12-17 11:40:45.345root 11241100x8000000000000000139299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.345{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.530c1c9817991c202021-12-17 11:40:45.345root 11241100x8000000000000000139300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.345{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eea858dfe158c0b82021-12-17 11:40:45.345root 11241100x8000000000000000139301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.345{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68e72f7ca66c4fb12021-12-17 11:40:45.345root 11241100x8000000000000000139302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.345{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e651676884352b032021-12-17 11:40:45.345root 11241100x8000000000000000139303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.345{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.034f21d7c415eb0e2021-12-17 11:40:45.345root 11241100x8000000000000000139304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.345{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9934588e8e63e642021-12-17 11:40:45.345root 11241100x8000000000000000139305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.345{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af86286ea2bbfe0c2021-12-17 11:40:45.345root 11241100x8000000000000000139306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.346{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3c34819b2637d1e2021-12-17 11:40:45.346root 11241100x8000000000000000139307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.346{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40bfa0a36c9ad82a2021-12-17 11:40:45.346root 11241100x8000000000000000139308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.346{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.842a88d3516a7bb42021-12-17 11:40:45.346root 11241100x8000000000000000139309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.346{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad59744e8f4f7a6b2021-12-17 11:40:45.346root 11241100x8000000000000000139310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.346{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5d129a802180ab42021-12-17 11:40:45.346root 11241100x8000000000000000139311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.346{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77860c55509787ba2021-12-17 11:40:45.346root 11241100x8000000000000000139312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.346{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e86511497336cf772021-12-17 11:40:45.346root 11241100x8000000000000000139313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.346{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eca1e864096183d02021-12-17 11:40:45.346root 11241100x8000000000000000139314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.346{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.225fd7b1186c37492021-12-17 11:40:45.346root 11241100x8000000000000000139315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.346{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.842e3aca929b5a1a2021-12-17 11:40:45.346root 11241100x8000000000000000139316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.346{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab1233457c280be12021-12-17 11:40:45.346root 11241100x8000000000000000139317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.346{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acb8646da6a866202021-12-17 11:40:45.346root 11241100x8000000000000000139318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.346{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de6086745ecd634f2021-12-17 11:40:45.346root 11241100x8000000000000000139319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.346{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab807d088c9a5aa12021-12-17 11:40:45.346root 11241100x8000000000000000139320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.346{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f433877192ea65e62021-12-17 11:40:45.346root 11241100x8000000000000000139321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.346{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b59b606889deef82021-12-17 11:40:45.346root 11241100x8000000000000000139322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.347{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.079b9692d28ff6a32021-12-17 11:40:45.347root 11241100x8000000000000000139323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.347{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfc00976dd9d8ac92021-12-17 11:40:45.347root 11241100x8000000000000000139324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.347{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.811786fba6a5f59e2021-12-17 11:40:45.347root 11241100x8000000000000000139325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.347{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e8c76b6979bfc872021-12-17 11:40:45.347root 11241100x8000000000000000139326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.806{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b7ae0a0c3fbecab2021-12-17 11:40:45.806root 11241100x8000000000000000139327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.806{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19a7ffba13aac75b2021-12-17 11:40:45.806root 11241100x8000000000000000139328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.806{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b133b570de71070b2021-12-17 11:40:45.806root 11241100x8000000000000000139329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7fa65e185f805fd2021-12-17 11:40:45.807root 11241100x8000000000000000139330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd1798b6c78be7e92021-12-17 11:40:45.807root 11241100x8000000000000000139331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d368cbdcc6c8b7f82021-12-17 11:40:45.807root 11241100x8000000000000000139332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcf58e4bd4d4a5ae2021-12-17 11:40:45.807root 11241100x8000000000000000139333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38ecb94d45081fdb2021-12-17 11:40:45.807root 11241100x8000000000000000139334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.225eef1ac001abe82021-12-17 11:40:45.807root 11241100x8000000000000000139335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5347262bf575e12b2021-12-17 11:40:45.807root 11241100x8000000000000000139336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.defa6ca3bc0f37c72021-12-17 11:40:45.807root 11241100x8000000000000000139337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.808{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f75fc2de2cbfc372021-12-17 11:40:45.808root 11241100x8000000000000000139338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.808{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bda6db83fdff40d2021-12-17 11:40:45.808root 11241100x8000000000000000139339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.808{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cd1e53ddea7ecaa2021-12-17 11:40:45.808root 11241100x8000000000000000139340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.808{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88f342fcfacd8a5e2021-12-17 11:40:45.808root 11241100x8000000000000000139341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.808{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cccd81ca09d8e722021-12-17 11:40:45.808root 11241100x8000000000000000139342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.808{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97d614694965aa022021-12-17 11:40:45.808root 11241100x8000000000000000139343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.808{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0abc17bcafd2b9e2021-12-17 11:40:45.808root 11241100x8000000000000000139344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.808{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4914082217f731f72021-12-17 11:40:45.808root 11241100x8000000000000000139345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.809{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dc4c85757f77f9c2021-12-17 11:40:45.809root 11241100x8000000000000000139346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.809{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad4063ee90f259b02021-12-17 11:40:45.809root 11241100x8000000000000000139347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.809{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68d09cef9b029f752021-12-17 11:40:45.809root 11241100x8000000000000000139348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.809{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de573ed1f8bdcaf12021-12-17 11:40:45.809root 11241100x8000000000000000139349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.809{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb0165dbd7594f782021-12-17 11:40:45.809root 11241100x8000000000000000139350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.809{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af1644384f42a6472021-12-17 11:40:45.809root 11241100x8000000000000000139351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.810{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9e8023443f89c972021-12-17 11:40:45.810root 11241100x8000000000000000139352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.810{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.922b5adb8511723e2021-12-17 11:40:45.810root 11241100x8000000000000000139353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.810{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f439950c31d05ed32021-12-17 11:40:45.810root 11241100x8000000000000000139354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.810{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c47126088527f5502021-12-17 11:40:45.810root 11241100x8000000000000000139355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.811{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e7935ef8809599a2021-12-17 11:40:45.811root 11241100x8000000000000000139356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.811{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd72a60fe5cc8b642021-12-17 11:40:45.811root 11241100x8000000000000000139357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.811{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.914301d4deca8f752021-12-17 11:40:45.811root 11241100x8000000000000000139358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.811{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5c009f7ac57f3962021-12-17 11:40:45.811root 11241100x8000000000000000139359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.812{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b34a572260f5332b2021-12-17 11:40:45.812root 11241100x8000000000000000139360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.812{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbdb4e7373a33b4f2021-12-17 11:40:45.812root 11241100x8000000000000000139361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.812{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79253daf9248a00f2021-12-17 11:40:45.812root 11241100x8000000000000000139362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.812{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ede83126e02e7c4d2021-12-17 11:40:45.812root 11241100x8000000000000000139363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.812{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f2f32cde35a1c382021-12-17 11:40:45.812root 11241100x8000000000000000139364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.813{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2424e142a5856fe22021-12-17 11:40:45.813root 11241100x8000000000000000139365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.813{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da70e976d0f991182021-12-17 11:40:45.813root 11241100x8000000000000000139366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.813{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.432be40b6d8a3bb32021-12-17 11:40:45.813root 11241100x8000000000000000139367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.814{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e159b416ba6263f02021-12-17 11:40:45.814root 11241100x8000000000000000139368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.814{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e15b388c4e0a7ec2021-12-17 11:40:45.814root 11241100x8000000000000000139369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.814{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dfaf54e456b4be82021-12-17 11:40:45.814root 11241100x8000000000000000139370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.814{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.452caace5d44e8c62021-12-17 11:40:45.814root 11241100x8000000000000000139371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.814{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.646f62feb35605df2021-12-17 11:40:45.814root 11241100x8000000000000000139372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.815{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ffdea3eb3835c3c2021-12-17 11:40:45.815root 11241100x8000000000000000139373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.815{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4fd08f5ea6e50822021-12-17 11:40:45.815root 11241100x8000000000000000139374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.815{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41a4fad6c9236d912021-12-17 11:40:45.815root 11241100x8000000000000000139375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.815{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e9176eec16d6e072021-12-17 11:40:45.815root 11241100x8000000000000000139376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.815{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.234986d5dfd9ff292021-12-17 11:40:45.815root 11241100x8000000000000000139377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.815{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6247807fa649446a2021-12-17 11:40:45.815root 11241100x8000000000000000139378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.816{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21ae94295269392b2021-12-17 11:40:45.816root 11241100x8000000000000000139379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.816{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89a0d4762851703b2021-12-17 11:40:45.816root 11241100x8000000000000000139380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.816{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea3d40a874d91e8c2021-12-17 11:40:45.816root 11241100x8000000000000000139381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.816{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f8b5d2b945fa61b2021-12-17 11:40:45.816root 11241100x8000000000000000139382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.816{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa99e8a160212d812021-12-17 11:40:45.816root 11241100x8000000000000000139383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.816{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4df3e30664f662fa2021-12-17 11:40:45.816root 11241100x8000000000000000139384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.817{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5693514a06f8fc0a2021-12-17 11:40:45.817root 11241100x8000000000000000139385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.817{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5559bfc7a9f87b72021-12-17 11:40:45.817root 11241100x8000000000000000139386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.817{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67c61c3bbe97bfa72021-12-17 11:40:45.817root 11241100x8000000000000000139387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.817{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddfceafc4eab42df2021-12-17 11:40:45.817root 11241100x8000000000000000139388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.817{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c82ef7ef4fead8b72021-12-17 11:40:45.817root 11241100x8000000000000000139389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.818{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43210d877b4d63f52021-12-17 11:40:45.818root 11241100x8000000000000000139390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.818{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f5698fd768ffa5d2021-12-17 11:40:45.818root 11241100x8000000000000000139391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.818{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b92066bbb7231c22021-12-17 11:40:45.818root 11241100x8000000000000000139392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.818{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e69264400ec6ef232021-12-17 11:40:45.818root 11241100x8000000000000000139393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.818{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acdc68f698156c1b2021-12-17 11:40:45.818root 11241100x8000000000000000139394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.818{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42027ce60dcc67542021-12-17 11:40:45.818root 11241100x8000000000000000139395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.819{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8899cf34b0da2b302021-12-17 11:40:45.819root 11241100x8000000000000000139396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.819{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47a33472a292e5f92021-12-17 11:40:45.819root 11241100x8000000000000000139397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.819{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e7c311c8345d5052021-12-17 11:40:45.819root 11241100x8000000000000000139398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.819{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4001608390645eb2021-12-17 11:40:45.819root 11241100x8000000000000000139399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.819{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f361f0cd10f3eb752021-12-17 11:40:45.819root 11241100x8000000000000000139400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.820{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2173e5b90d8b71bb2021-12-17 11:40:45.820root 11241100x8000000000000000139401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.820{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcc0e9698395b4a42021-12-17 11:40:45.820root 11241100x8000000000000000139402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.820{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fc495c4bf3b9b142021-12-17 11:40:45.820root 11241100x8000000000000000139403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.820{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f5f53e1304cbd4d2021-12-17 11:40:45.820root 11241100x8000000000000000139404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.820{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06ea9116cb7221d52021-12-17 11:40:45.820root 11241100x8000000000000000139405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.821{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ef863d01c0609ea2021-12-17 11:40:45.821root 11241100x8000000000000000139406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.821{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca177b71a41026e42021-12-17 11:40:45.821root 11241100x8000000000000000139407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.821{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9915fc82601ebb52021-12-17 11:40:45.821root 11241100x8000000000000000139408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.821{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98b815a86ed29a432021-12-17 11:40:45.821root 11241100x8000000000000000139409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.822{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6348f940dbc16ce32021-12-17 11:40:45.822root 11241100x8000000000000000139410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.822{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcf64140309f74d32021-12-17 11:40:45.822root 11241100x8000000000000000139411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.822{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb2c9391519ec7462021-12-17 11:40:45.822root 11241100x8000000000000000139412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.823{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d0c8cc43a252a8d2021-12-17 11:40:45.823root 11241100x8000000000000000139413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.823{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8bc8bc437b4796b2021-12-17 11:40:45.823root 11241100x8000000000000000139414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.823{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.881a2f0d907ee67d2021-12-17 11:40:45.823root 11241100x8000000000000000139415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.823{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dd8f5d6e0d599312021-12-17 11:40:45.823root 11241100x8000000000000000139416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.823{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aa911478956585f2021-12-17 11:40:45.823root 11241100x8000000000000000139417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.823{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31f3b3aed324c9e32021-12-17 11:40:45.823root 11241100x8000000000000000139418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.824{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ffe9f4675cc25752021-12-17 11:40:45.824root 11241100x8000000000000000139419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.824{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bb3a19ae1902d9b2021-12-17 11:40:45.824root 11241100x8000000000000000139420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.824{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fdf995078512a702021-12-17 11:40:45.824root 11241100x8000000000000000139421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.824{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9a7d0a8d861f6c72021-12-17 11:40:45.824root 11241100x8000000000000000139422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.824{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6df20187089f5d82021-12-17 11:40:45.824root 11241100x8000000000000000139423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.824{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ca623d56e774f742021-12-17 11:40:45.824root 11241100x8000000000000000139424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.825{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16646c3ec51aaa072021-12-17 11:40:45.825root 11241100x8000000000000000139425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.825{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9efae381e61add8a2021-12-17 11:40:45.825root 11241100x8000000000000000139426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.825{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a46ddea242c072a12021-12-17 11:40:45.825root 11241100x8000000000000000139427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.825{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b10b1e73a24d39cf2021-12-17 11:40:45.825root 11241100x8000000000000000139428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.826{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.478ee261912818872021-12-17 11:40:45.826root 11241100x8000000000000000139429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.826{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7e0755a1594d7822021-12-17 11:40:45.826root 11241100x8000000000000000139430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.826{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed9dcca0d8fbff7f2021-12-17 11:40:45.826root 11241100x8000000000000000139431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.827{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.448d44da7768b6492021-12-17 11:40:45.827root 11241100x8000000000000000139432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.827{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3cdda2ce7e75f712021-12-17 11:40:45.827root 11241100x8000000000000000139433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.828{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07f9e7eb670ae11e2021-12-17 11:40:45.828root 11241100x8000000000000000139434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.828{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.432326d5e9acab5c2021-12-17 11:40:45.828root 11241100x8000000000000000139435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.828{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66c09f9acc33079b2021-12-17 11:40:45.828root 11241100x8000000000000000139436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.828{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9759eb2ae5fcb2ff2021-12-17 11:40:45.828root 11241100x8000000000000000139437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.828{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.845793cb5cb207362021-12-17 11:40:45.828root 11241100x8000000000000000139438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.828{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4726d3ed8ce65de42021-12-17 11:40:45.828root 11241100x8000000000000000139439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.828{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d657ae2c8546c5e02021-12-17 11:40:45.828root 11241100x8000000000000000139440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.829{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc8dae1f4d6d75342021-12-17 11:40:45.829root 11241100x8000000000000000139441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.829{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95956705ae7f77752021-12-17 11:40:45.829root 11241100x8000000000000000139442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.829{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.775208f3c09ecee52021-12-17 11:40:45.829root 11241100x8000000000000000139443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.829{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4269da1b35fe96992021-12-17 11:40:45.829root 11241100x8000000000000000139444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.829{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e9171b32bf44f872021-12-17 11:40:45.829root 11241100x8000000000000000139445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.829{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb39d68c6d4c06f22021-12-17 11:40:45.829root 11241100x8000000000000000139446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.829{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0801754ca0961d22021-12-17 11:40:45.829root 11241100x8000000000000000139447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.830{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d855f92d08ef0b22021-12-17 11:40:45.830root 11241100x8000000000000000139448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.830{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c33420808be111462021-12-17 11:40:45.830root 11241100x8000000000000000139449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.830{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b928a1639e4af5072021-12-17 11:40:45.830root 11241100x8000000000000000139450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.830{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dde07289d5c713962021-12-17 11:40:45.830root 11241100x8000000000000000139451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.831{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adb0ef0f76b0f2822021-12-17 11:40:45.831root 11241100x8000000000000000139452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.831{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0230750209268c72021-12-17 11:40:45.831root 11241100x8000000000000000139453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.831{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44b1f5eb828d97432021-12-17 11:40:45.831root 11241100x8000000000000000139454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.832{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba52b1b04abe8e442021-12-17 11:40:45.832root 11241100x8000000000000000139455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.832{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.926cbf6ffa066abd2021-12-17 11:40:45.832root 11241100x8000000000000000139456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.833{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a241bead18a9d51c2021-12-17 11:40:45.833root 11241100x8000000000000000139457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.833{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f54c2de9aca815d52021-12-17 11:40:45.833root 11241100x8000000000000000139458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.833{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b781d33399f561d2021-12-17 11:40:45.833root 11241100x8000000000000000139459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.833{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af71b00db9e17c0e2021-12-17 11:40:45.833root 11241100x8000000000000000139460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.833{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf68e0d1891336912021-12-17 11:40:45.833root 11241100x8000000000000000139461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.833{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f39f9e422857eea2021-12-17 11:40:45.833root 11241100x8000000000000000139462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.833{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a446974f98be87d62021-12-17 11:40:45.833root 11241100x8000000000000000139463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.833{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c43a627eaec6acc2021-12-17 11:40:45.833root 11241100x8000000000000000139464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.833{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77fb3dd978a6132f2021-12-17 11:40:45.833root 11241100x8000000000000000139465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.834{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a0267300c5480852021-12-17 11:40:45.834root 11241100x8000000000000000139466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.834{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a198c23bfe1154b32021-12-17 11:40:45.834root 11241100x8000000000000000139467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.834{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5d82b86febf58df2021-12-17 11:40:45.834root 11241100x8000000000000000139468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.834{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59c623a9d16760ef2021-12-17 11:40:45.834root 11241100x8000000000000000139469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.834{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d024d78c535ffef12021-12-17 11:40:45.834root 11241100x8000000000000000139470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.834{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3874365c7e13bc0d2021-12-17 11:40:45.834root 11241100x8000000000000000139471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.834{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d97890e16a3d4422021-12-17 11:40:45.834root 11241100x8000000000000000139472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.834{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9d53451583e317e2021-12-17 11:40:45.834root 11241100x8000000000000000139473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.835{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6009de39e1fed5d2021-12-17 11:40:45.835root 11241100x8000000000000000139474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.835{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be76d7ce46c23f752021-12-17 11:40:45.835root 11241100x8000000000000000139475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.835{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d80c1cebe903f2552021-12-17 11:40:45.835root 11241100x8000000000000000139476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.835{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4c8dfa9b4fd2d532021-12-17 11:40:45.835root 11241100x8000000000000000139477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.835{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3246030041871a3e2021-12-17 11:40:45.835root 11241100x8000000000000000139478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.835{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7033837c606c7be2021-12-17 11:40:45.835root 11241100x8000000000000000139479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.835{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75fa718fc41f92d92021-12-17 11:40:45.835root 11241100x8000000000000000139480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.835{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.915c7a0f0fd7d2692021-12-17 11:40:45.835root 11241100x8000000000000000139481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.836{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21fadcc0fb5e85182021-12-17 11:40:45.836root 11241100x8000000000000000139482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.836{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbe4cbb59e6b68672021-12-17 11:40:45.836root 11241100x8000000000000000139483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.836{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a290a2b78ba22442021-12-17 11:40:45.836root 11241100x8000000000000000139484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.836{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.602a313d893277c62021-12-17 11:40:45.836root 11241100x8000000000000000139485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.836{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.147a2e27470660fd2021-12-17 11:40:45.836root 11241100x8000000000000000139486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.836{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1a41ea828faaaac2021-12-17 11:40:45.836root 11241100x8000000000000000139487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.836{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74c7004f32251f692021-12-17 11:40:45.836root 11241100x8000000000000000139488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.836{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5e7f042840c77022021-12-17 11:40:45.836root 11241100x8000000000000000139489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.836{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cb1617b359021422021-12-17 11:40:45.836root 11241100x8000000000000000139490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.836{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db4951e13824254d2021-12-17 11:40:45.836root 11241100x8000000000000000139491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.837{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67c67b8b58dab9542021-12-17 11:40:45.837root 11241100x8000000000000000139492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.837{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d05795243e039a12021-12-17 11:40:45.837root 11241100x8000000000000000139493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.837{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa9570867672b7d12021-12-17 11:40:45.837root 11241100x8000000000000000139494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.837{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f6e72de5aa777702021-12-17 11:40:45.837root 11241100x8000000000000000139495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.837{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cd7b9a136a383bb2021-12-17 11:40:45.837root 11241100x8000000000000000139496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.837{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.714bb3116f0d7b462021-12-17 11:40:45.837root 11241100x8000000000000000139497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.837{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d23b4220bedd578a2021-12-17 11:40:45.837root 11241100x8000000000000000139498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:45.837{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f0849d63cced9b02021-12-17 11:40:45.837root 354300x8000000000000000139499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.159{ec28ba6a-70a3-61bc-5175-3a0400000000}5248/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-43278-false10.0.1.12-8000- 11241100x8000000000000000139500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.160{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3566970570930562021-12-17 11:40:46.160root 11241100x8000000000000000139501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.160{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12d2b3056e0fff012021-12-17 11:40:46.160root 11241100x8000000000000000139502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.160{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5830e1c46f77a17b2021-12-17 11:40:46.160root 11241100x8000000000000000139503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.160{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.595352a31b8ea55f2021-12-17 11:40:46.160root 11241100x8000000000000000139504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.160{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e335b6d6abc6de62021-12-17 11:40:46.160root 11241100x8000000000000000139505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.161{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44d5a821a1f0fb302021-12-17 11:40:46.161root 11241100x8000000000000000139506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.161{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ff6ab6b291714292021-12-17 11:40:46.161root 11241100x8000000000000000139507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.161{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aa8a11c40e2271b2021-12-17 11:40:46.161root 11241100x8000000000000000139508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.161{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.054de50e655824e02021-12-17 11:40:46.161root 11241100x8000000000000000139509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.161{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56576d7d032cb0842021-12-17 11:40:46.161root 11241100x8000000000000000139510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.162{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fae5abff2a52ee952021-12-17 11:40:46.162root 11241100x8000000000000000139511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.162{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d3374fd765651b82021-12-17 11:40:46.162root 11241100x8000000000000000139512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.162{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f60b1e048ae330232021-12-17 11:40:46.162root 11241100x8000000000000000139513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.162{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce00825737478bfd2021-12-17 11:40:46.162root 11241100x8000000000000000139514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.162{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc3057bbf12f24232021-12-17 11:40:46.162root 11241100x8000000000000000139515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.162{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7173f156c8ba1f8c2021-12-17 11:40:46.162root 11241100x8000000000000000139516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.162{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fe28275bf86e8ea2021-12-17 11:40:46.162root 11241100x8000000000000000139517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.162{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f924658795115f72021-12-17 11:40:46.162root 11241100x8000000000000000139518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.162{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fd99cf03db9712c2021-12-17 11:40:46.162root 11241100x8000000000000000139519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.162{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d37da4d582b792a82021-12-17 11:40:46.162root 11241100x8000000000000000139520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.162{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afcc496ede1864c72021-12-17 11:40:46.162root 11241100x8000000000000000139521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.162{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73c076fa30a06dd02021-12-17 11:40:46.162root 11241100x8000000000000000139522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.162{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89ea3170f665b6cd2021-12-17 11:40:46.162root 11241100x8000000000000000139523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.162{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7e0d7ca888650362021-12-17 11:40:46.162root 11241100x8000000000000000139524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.162{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44b5d1cc4335046a2021-12-17 11:40:46.162root 11241100x8000000000000000139525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.163{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48d6de94fa9f43662021-12-17 11:40:46.163root 11241100x8000000000000000139526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.163{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.999f0c76ff7b84472021-12-17 11:40:46.163root 11241100x8000000000000000139527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.163{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1782c221b69415c52021-12-17 11:40:46.163root 11241100x8000000000000000139528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.163{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40639c9875daf6652021-12-17 11:40:46.163root 11241100x8000000000000000139529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.163{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2f704851cdbe98d2021-12-17 11:40:46.163root 11241100x8000000000000000139530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.163{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f2d92a0b008bf9a2021-12-17 11:40:46.163root 11241100x8000000000000000139531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.163{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6c76d35a08d6c892021-12-17 11:40:46.163root 11241100x8000000000000000139532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.163{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.986942a7488594e02021-12-17 11:40:46.163root 11241100x8000000000000000139533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.163{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e766718913b8bb342021-12-17 11:40:46.163root 11241100x8000000000000000139534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.164{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0fca97dcb1e816a2021-12-17 11:40:46.164root 11241100x8000000000000000139535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.164{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.560c4384ef506e232021-12-17 11:40:46.164root 11241100x8000000000000000139536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.164{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.531ac1e70782cb7f2021-12-17 11:40:46.164root 11241100x8000000000000000139537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.164{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a413504d49b13d712021-12-17 11:40:46.164root 11241100x8000000000000000139538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.164{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b965bcdd2ecda6a2021-12-17 11:40:46.164root 11241100x8000000000000000139539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.164{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5674dcbb143b5272021-12-17 11:40:46.164root 11241100x8000000000000000139540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.164{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fe16402b1787a842021-12-17 11:40:46.164root 11241100x8000000000000000139541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.164{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32df452151f13a132021-12-17 11:40:46.164root 11241100x8000000000000000139542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.164{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0228f37c2189a7892021-12-17 11:40:46.164root 11241100x8000000000000000139543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.165{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dedf60bd309899042021-12-17 11:40:46.165root 11241100x8000000000000000139544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.165{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19c1b26c9f8bdc952021-12-17 11:40:46.165root 11241100x8000000000000000139545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.166{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99408c5527d7637c2021-12-17 11:40:46.166root 11241100x8000000000000000139546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.166{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.380e262c411c3cf52021-12-17 11:40:46.166root 11241100x8000000000000000139547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.166{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a5d3a99f9d54d922021-12-17 11:40:46.166root 11241100x8000000000000000139548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.166{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.157b6f20ba7af0d02021-12-17 11:40:46.166root 11241100x8000000000000000139549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.166{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe84f275161bef8e2021-12-17 11:40:46.166root 11241100x8000000000000000139550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.167{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47cd572393a8ac852021-12-17 11:40:46.167root 11241100x8000000000000000139551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.167{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.917c2bf6dfaf3b5e2021-12-17 11:40:46.167root 11241100x8000000000000000139552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.168{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81863066b77c4b572021-12-17 11:40:46.168root 11241100x8000000000000000139553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.168{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96314aa1a849911f2021-12-17 11:40:46.168root 11241100x8000000000000000139554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.168{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7c5d9bd4de49ed02021-12-17 11:40:46.168root 11241100x8000000000000000139555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.168{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5446da992751f362021-12-17 11:40:46.168root 11241100x8000000000000000139556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.168{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5833987e1b27d3622021-12-17 11:40:46.168root 11241100x8000000000000000139557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.168{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d75b00627d336f02021-12-17 11:40:46.168root 11241100x8000000000000000139558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.168{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46a34e100204cc452021-12-17 11:40:46.168root 11241100x8000000000000000139559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.168{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8949c12c18e2ec52021-12-17 11:40:46.168root 11241100x8000000000000000139560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.168{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3397cd85028978d42021-12-17 11:40:46.168root 11241100x8000000000000000139561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.168{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6975828507e6ba9b2021-12-17 11:40:46.168root 11241100x8000000000000000139562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.169{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.593a221f55ae63ed2021-12-17 11:40:46.169root 11241100x8000000000000000139563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.169{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d39d8c02b09d97fd2021-12-17 11:40:46.169root 11241100x8000000000000000139564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.169{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7e3f58744e7cacc2021-12-17 11:40:46.169root 11241100x8000000000000000139565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.169{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59f40827872a9b4b2021-12-17 11:40:46.169root 11241100x8000000000000000139566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.169{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8803a3d08e498f232021-12-17 11:40:46.169root 11241100x8000000000000000139567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.169{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.476b2ede952c1d7e2021-12-17 11:40:46.169root 11241100x8000000000000000139568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.169{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a93ef65bab246a12021-12-17 11:40:46.169root 11241100x8000000000000000139569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.170{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.948a84f0a094a7832021-12-17 11:40:46.170root 11241100x8000000000000000139570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.170{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.300b12592ad3c6c12021-12-17 11:40:46.170root 11241100x8000000000000000139571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.170{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40d279c90e91bbd32021-12-17 11:40:46.170root 11241100x8000000000000000139572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.171{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42cb3087974adedd2021-12-17 11:40:46.171root 11241100x8000000000000000139573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.171{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53cee0a8f42bb4012021-12-17 11:40:46.171root 11241100x8000000000000000139574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.172{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53069897a38e6b9f2021-12-17 11:40:46.172root 11241100x8000000000000000139575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.172{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.906d023388cd9c092021-12-17 11:40:46.172root 11241100x8000000000000000139576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.172{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67d9fb1fe7aa0ae42021-12-17 11:40:46.172root 11241100x8000000000000000139577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.172{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c2ac36fe2ff9bfd2021-12-17 11:40:46.172root 11241100x8000000000000000139578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.172{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.179239280be093442021-12-17 11:40:46.172root 11241100x8000000000000000139579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.172{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9c8ff44d743121a2021-12-17 11:40:46.172root 11241100x8000000000000000139580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.172{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cabe7a1f3f6c8c712021-12-17 11:40:46.172root 11241100x8000000000000000139581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.172{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bb4f9a49a11138d2021-12-17 11:40:46.172root 11241100x8000000000000000139582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.173{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ef53bc13f89009b2021-12-17 11:40:46.173root 11241100x8000000000000000139583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.173{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f52bb5f3398b3aba2021-12-17 11:40:46.173root 11241100x8000000000000000139584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.173{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26adab6cb030a9c02021-12-17 11:40:46.173root 11241100x8000000000000000139585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.173{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32ee684d876359a82021-12-17 11:40:46.173root 11241100x8000000000000000139586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.174{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.230c243da637c8062021-12-17 11:40:46.174root 11241100x8000000000000000139587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.174{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6e14bb1729f9f4c2021-12-17 11:40:46.174root 11241100x8000000000000000139588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.174{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b4c6b7aeb7979a82021-12-17 11:40:46.174root 11241100x8000000000000000139589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.174{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3528c1aba02d6f122021-12-17 11:40:46.174root 11241100x8000000000000000139590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.174{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04e86872f56bf86d2021-12-17 11:40:46.174root 11241100x8000000000000000139591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.176{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5bd9f3d5684dd512021-12-17 11:40:46.176root 11241100x8000000000000000139592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.176{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0771d5b69f751f0c2021-12-17 11:40:46.176root 11241100x8000000000000000139593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.176{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b70b5bb1b8d8d852021-12-17 11:40:46.176root 11241100x8000000000000000139594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.176{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8634aaa3b2716662021-12-17 11:40:46.176root 11241100x8000000000000000139595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.176{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0f98f99146f7b9b2021-12-17 11:40:46.176root 11241100x8000000000000000139596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.176{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2397d77f03f7e6692021-12-17 11:40:46.176root 11241100x8000000000000000139597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.177{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51b7d8f8c046bf192021-12-17 11:40:46.177root 11241100x8000000000000000139598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.177{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79b75e7e993edd492021-12-17 11:40:46.177root 11241100x8000000000000000139599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.177{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4099cf0647e8f28c2021-12-17 11:40:46.177root 11241100x8000000000000000139600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.177{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89eaa696fe50aeb02021-12-17 11:40:46.177root 11241100x8000000000000000139601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.177{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccb1febe0c41c39f2021-12-17 11:40:46.177root 11241100x8000000000000000139602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.177{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19fea19a5612f9322021-12-17 11:40:46.177root 11241100x8000000000000000139603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.177{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88facc2e7b272a222021-12-17 11:40:46.177root 11241100x8000000000000000139604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.177{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfa4aeba2472ad012021-12-17 11:40:46.177root 11241100x8000000000000000139605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.177{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06381dc5d37bada82021-12-17 11:40:46.177root 11241100x8000000000000000139606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.178{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.485266209eae0e5a2021-12-17 11:40:46.178root 11241100x8000000000000000139607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.178{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe9a7377c0539ddd2021-12-17 11:40:46.178root 11241100x8000000000000000139608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.179{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5efebe9f6ca63232021-12-17 11:40:46.179root 11241100x8000000000000000139609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.179{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d30563ce3ef5bb4a2021-12-17 11:40:46.179root 11241100x8000000000000000139610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.179{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c2c6908c363fedd2021-12-17 11:40:46.179root 11241100x8000000000000000139611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.179{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f18aba1d6b74b8b82021-12-17 11:40:46.179root 11241100x8000000000000000139612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.180{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6ba6e52767bdb3d2021-12-17 11:40:46.180root 11241100x8000000000000000139613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.180{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82bb46e82c6a0f0e2021-12-17 11:40:46.180root 11241100x8000000000000000139614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.180{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.540c6588df0e30f62021-12-17 11:40:46.180root 11241100x8000000000000000139615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.180{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a41fcc5a3789c7b12021-12-17 11:40:46.180root 11241100x8000000000000000139616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.180{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a338a9d684324642021-12-17 11:40:46.180root 11241100x8000000000000000139617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.180{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f005880356c4c9192021-12-17 11:40:46.180root 11241100x8000000000000000139618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.180{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df20ea51370f8c052021-12-17 11:40:46.180root 11241100x8000000000000000139619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.180{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14bf5527eb321d362021-12-17 11:40:46.180root 11241100x8000000000000000139620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.180{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d1bc6ceba4139652021-12-17 11:40:46.180root 11241100x8000000000000000139621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.180{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7cbfbca3f92e7912021-12-17 11:40:46.180root 11241100x8000000000000000139622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.181{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba41449bc899c72e2021-12-17 11:40:46.181root 11241100x8000000000000000139623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.181{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.080708a93280424d2021-12-17 11:40:46.181root 11241100x8000000000000000139624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.181{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9940c04bbd4aeefa2021-12-17 11:40:46.181root 11241100x8000000000000000139625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.181{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.463db3ff854f3e522021-12-17 11:40:46.181root 11241100x8000000000000000139626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.181{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f421af61009cccc52021-12-17 11:40:46.181root 11241100x8000000000000000139627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.185{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c9095b876adf1352021-12-17 11:40:46.185root 11241100x8000000000000000139628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.185{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1ab6ed81f28dbdb2021-12-17 11:40:46.185root 11241100x8000000000000000139629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.186{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3665c85e3a2aa2f2021-12-17 11:40:46.186root 11241100x8000000000000000139630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.186{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2607a91d94aa6a92021-12-17 11:40:46.186root 11241100x8000000000000000139631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.186{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3b578a344649ea72021-12-17 11:40:46.186root 11241100x8000000000000000139632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.186{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6793a4d830c1a2942021-12-17 11:40:46.186root 11241100x8000000000000000139633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.186{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3960d46b5820b1d82021-12-17 11:40:46.186root 11241100x8000000000000000139634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.186{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd2f2688c261b4052021-12-17 11:40:46.186root 11241100x8000000000000000139635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.186{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a8c4d844df7da872021-12-17 11:40:46.186root 11241100x8000000000000000139636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.186{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07450b5e70c7a29a2021-12-17 11:40:46.186root 11241100x8000000000000000139637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.187{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13be39d0919bcc422021-12-17 11:40:46.187root 11241100x8000000000000000139638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.187{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bf5c84b9db60cc12021-12-17 11:40:46.187root 11241100x8000000000000000139639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.187{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.097de6696a8536e42021-12-17 11:40:46.187root 11241100x8000000000000000139640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.187{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfa65f9a8d040b782021-12-17 11:40:46.187root 11241100x8000000000000000139641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.187{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0c5a2d64564fff52021-12-17 11:40:46.187root 11241100x8000000000000000139642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.187{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a99eb78a108c866c2021-12-17 11:40:46.187root 11241100x8000000000000000139643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.187{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9633b2752d78eab2021-12-17 11:40:46.187root 11241100x8000000000000000139644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.187{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4d46fc42361c9fb2021-12-17 11:40:46.187root 11241100x8000000000000000139645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.187{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.639087669579e2c82021-12-17 11:40:46.187root 11241100x8000000000000000139646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.187{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f404d1dbe8bbe0d62021-12-17 11:40:46.187root 11241100x8000000000000000139647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.187{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.680cde0c2ba6e4d22021-12-17 11:40:46.187root 11241100x8000000000000000139648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.187{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c7941bfe5cf9b1a2021-12-17 11:40:46.187root 11241100x8000000000000000139649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.187{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ed7832e84aeaaea2021-12-17 11:40:46.187root 11241100x8000000000000000139650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.187{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21639dd279b864722021-12-17 11:40:46.187root 11241100x8000000000000000139651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.187{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75c0bac042b47d282021-12-17 11:40:46.187root 11241100x8000000000000000139652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.187{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bc843a0b3491eb72021-12-17 11:40:46.187root 11241100x8000000000000000139653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.188{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.880cb46b4e68b05c2021-12-17 11:40:46.188root 11241100x8000000000000000139654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.188{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9190fddfa3cee2e2021-12-17 11:40:46.188root 11241100x8000000000000000139655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.188{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d11ca112f997e042021-12-17 11:40:46.188root 11241100x8000000000000000139656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.188{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05763094916daff12021-12-17 11:40:46.188root 11241100x8000000000000000139657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.188{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.337bc808cbec58c32021-12-17 11:40:46.188root 11241100x8000000000000000139658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.188{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27c4833dc0c117942021-12-17 11:40:46.188root 11241100x8000000000000000139659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.188{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4245cd311cd387a2021-12-17 11:40:46.188root 11241100x8000000000000000139660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.188{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d9bd16ebf7501502021-12-17 11:40:46.188root 11241100x8000000000000000139661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.188{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.703040621d9504452021-12-17 11:40:46.188root 11241100x8000000000000000139662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.188{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8748a35029051fe22021-12-17 11:40:46.188root 11241100x8000000000000000139663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.188{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ed72031c6a071172021-12-17 11:40:46.188root 11241100x8000000000000000139664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.188{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ead4b1ffc90468e52021-12-17 11:40:46.188root 11241100x8000000000000000139665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.188{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54a2277dded633682021-12-17 11:40:46.188root 11241100x8000000000000000139666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.188{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3e56f8bb688591f2021-12-17 11:40:46.188root 11241100x8000000000000000139667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.188{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe93e1700b52318f2021-12-17 11:40:46.188root 11241100x8000000000000000139668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.188{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8989b29a825af8812021-12-17 11:40:46.188root 11241100x8000000000000000139669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.189{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbf527436b1d0a442021-12-17 11:40:46.189root 11241100x8000000000000000139670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.189{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a29edb7d4b87b412021-12-17 11:40:46.189root 11241100x8000000000000000139671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.189{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41cad44a31f9ceac2021-12-17 11:40:46.189root 11241100x8000000000000000139672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.189{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8398260cd698ce522021-12-17 11:40:46.189root 11241100x8000000000000000139673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.189{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5a3d193ecbc28fa2021-12-17 11:40:46.189root 11241100x8000000000000000139674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.189{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4455547283ac22642021-12-17 11:40:46.189root 11241100x8000000000000000139675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.189{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e427b7dc380897112021-12-17 11:40:46.189root 11241100x8000000000000000139676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.189{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aeea4fc64d3124a2021-12-17 11:40:46.189root 11241100x8000000000000000139677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.189{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5aa6e784ef6e3e12021-12-17 11:40:46.189root 11241100x8000000000000000139678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.189{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33cc6721b30b8c622021-12-17 11:40:46.189root 11241100x8000000000000000139679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.190{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f66447aaf5baf6652021-12-17 11:40:46.190root 11241100x8000000000000000139680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.190{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3675691bdfc07482021-12-17 11:40:46.190root 11241100x8000000000000000139681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.190{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d37625f9fddb727c2021-12-17 11:40:46.190root 11241100x8000000000000000139682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.190{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dd17237e03ced222021-12-17 11:40:46.190root 11241100x8000000000000000139683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.190{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.314ec3d1f73e1b722021-12-17 11:40:46.190root 11241100x8000000000000000139684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.190{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5ff3c055b668fba2021-12-17 11:40:46.190root 11241100x8000000000000000139685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.190{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.398c9e80ae9ba2232021-12-17 11:40:46.190root 11241100x8000000000000000139686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.192{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dda82e18f0b7b9542021-12-17 11:40:46.192root 11241100x8000000000000000139687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.192{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79f1e497233505ea2021-12-17 11:40:46.192root 11241100x8000000000000000139688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.192{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0d200186de13e1f2021-12-17 11:40:46.192root 11241100x8000000000000000139689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.192{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38fbb2b7ad40f2b32021-12-17 11:40:46.192root 11241100x8000000000000000139690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.193{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.504bfea2448622a22021-12-17 11:40:46.193root 11241100x8000000000000000139691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.193{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e3a9c6a9ee324912021-12-17 11:40:46.193root 11241100x8000000000000000139692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.193{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfb829a8a985aaeb2021-12-17 11:40:46.193root 11241100x8000000000000000139693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.193{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7a1948c6d58b2512021-12-17 11:40:46.193root 11241100x8000000000000000139694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.193{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43052477552099452021-12-17 11:40:46.193root 11241100x8000000000000000139695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.193{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69ef7bfde65a42712021-12-17 11:40:46.193root 11241100x8000000000000000139696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.193{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dddaf6c7991c2762021-12-17 11:40:46.193root 11241100x8000000000000000139697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.193{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4c6543f53d66f302021-12-17 11:40:46.193root 11241100x8000000000000000139698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.194{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49a5e3244361be912021-12-17 11:40:46.194root 11241100x8000000000000000139699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.194{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58dd322aaff353212021-12-17 11:40:46.194root 11241100x8000000000000000139700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.194{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5c853d780ff51cf2021-12-17 11:40:46.194root 11241100x8000000000000000139701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.194{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4d7d7ef2ff126802021-12-17 11:40:46.194root 11241100x8000000000000000139702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.195{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d61bb195bdf29272021-12-17 11:40:46.195root 11241100x8000000000000000139703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.195{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7306304555fb1e1a2021-12-17 11:40:46.195root 11241100x8000000000000000139704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.195{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9fea8d350e013ff2021-12-17 11:40:46.195root 11241100x8000000000000000139705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.195{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40da50405b2d52802021-12-17 11:40:46.195root 11241100x8000000000000000139706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.195{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0210d60676fa47f2021-12-17 11:40:46.195root 11241100x8000000000000000139707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.195{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.397e4d5445ecee352021-12-17 11:40:46.195root 11241100x8000000000000000139708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.195{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07edf72fa2d44fed2021-12-17 11:40:46.195root 11241100x8000000000000000139709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.196{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05d5b980d332edbc2021-12-17 11:40:46.196root 11241100x8000000000000000139710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.196{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.decfdee94f5f33df2021-12-17 11:40:46.196root 11241100x8000000000000000139711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.196{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75c454026858f23e2021-12-17 11:40:46.196root 11241100x8000000000000000139712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.196{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f6acbc654e4b0f72021-12-17 11:40:46.196root 11241100x8000000000000000139713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.196{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fabf7620cab3b8c72021-12-17 11:40:46.196root 11241100x8000000000000000139714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.196{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd772effccd32b1c2021-12-17 11:40:46.196root 11241100x8000000000000000139715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.196{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81375a80e45cd67c2021-12-17 11:40:46.196root 11241100x8000000000000000139716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.197{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.734982186ca53b842021-12-17 11:40:46.197root 11241100x8000000000000000139717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.197{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdad53b1b91684fb2021-12-17 11:40:46.197root 11241100x8000000000000000139718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.197{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4867afd252d4a122021-12-17 11:40:46.197root 11241100x8000000000000000139719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.197{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c8d3d222d46055b2021-12-17 11:40:46.197root 11241100x8000000000000000139720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.197{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f71d13a74afd3b862021-12-17 11:40:46.197root 11241100x8000000000000000139721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.197{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae68e4fccb5380352021-12-17 11:40:46.197root 11241100x8000000000000000139722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.197{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.344943bf254a10212021-12-17 11:40:46.197root 11241100x8000000000000000139723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.198{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3316e76eb5d2cfcd2021-12-17 11:40:46.198root 11241100x8000000000000000139724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.198{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc7d9e78abf362912021-12-17 11:40:46.198root 11241100x8000000000000000139725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.198{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c07164c0e7ddf5a2021-12-17 11:40:46.198root 11241100x8000000000000000139726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.198{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab50832881cf73962021-12-17 11:40:46.198root 11241100x8000000000000000139727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.198{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03093987385603612021-12-17 11:40:46.198root 11241100x8000000000000000139728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.198{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45adce25100d40552021-12-17 11:40:46.198root 11241100x8000000000000000139729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.198{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de68fcd7499de8972021-12-17 11:40:46.198root 11241100x8000000000000000139730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.199{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83a0c7e8778a58112021-12-17 11:40:46.199root 11241100x8000000000000000139731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.199{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbcd54912eb0783d2021-12-17 11:40:46.199root 11241100x8000000000000000139732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.199{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47d9737c34223d142021-12-17 11:40:46.199root 11241100x8000000000000000139733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.199{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a83e2353a39a84b2021-12-17 11:40:46.199root 11241100x8000000000000000139734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.199{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bff52ac9cdf90ce2021-12-17 11:40:46.199root 11241100x8000000000000000139735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.199{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e948d89f166708ac2021-12-17 11:40:46.199root 11241100x8000000000000000139736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.199{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.242ee85c051cbb412021-12-17 11:40:46.199root 11241100x8000000000000000139737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.199{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57d919ec8d73470f2021-12-17 11:40:46.199root 11241100x8000000000000000139738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.199{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d3d60a095baec4e2021-12-17 11:40:46.199root 11241100x8000000000000000139739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.200{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ebd22b63e006aed2021-12-17 11:40:46.200root 11241100x8000000000000000139740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.200{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ce859bd3894fb7d2021-12-17 11:40:46.200root 11241100x8000000000000000139741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.200{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.211dfbf14190f2d62021-12-17 11:40:46.200root 11241100x8000000000000000139742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.200{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f268ea9b649b28e92021-12-17 11:40:46.200root 11241100x8000000000000000139743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.200{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffe3835699e2940e2021-12-17 11:40:46.200root 11241100x8000000000000000139744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.200{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a7e051caf6fb7b42021-12-17 11:40:46.200root 11241100x8000000000000000139745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.200{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16d1627d79c8721e2021-12-17 11:40:46.200root 11241100x8000000000000000139746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.201{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b45c3cb499c88812021-12-17 11:40:46.201root 11241100x8000000000000000139747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.201{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c55066e88d10bfb12021-12-17 11:40:46.201root 11241100x8000000000000000139748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.201{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f6b7c69f733dbd42021-12-17 11:40:46.201root 11241100x8000000000000000139749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.201{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10687ff414aefe752021-12-17 11:40:46.201root 11241100x8000000000000000139750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.201{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c0087d4116234072021-12-17 11:40:46.201root 11241100x8000000000000000139751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.201{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b521a43de1959dc42021-12-17 11:40:46.201root 11241100x8000000000000000139752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.201{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad1c12d33864b3d02021-12-17 11:40:46.201root 11241100x8000000000000000139753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.202{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.664b94c41729d77c2021-12-17 11:40:46.202root 11241100x8000000000000000139754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.202{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.103428225e4b78092021-12-17 11:40:46.202root 11241100x8000000000000000139755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.202{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbfdd0b8ccb7ab342021-12-17 11:40:46.202root 11241100x8000000000000000139756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.202{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f044fb3e24b61f942021-12-17 11:40:46.202root 11241100x8000000000000000139757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.203{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e32bf9675fe5fc742021-12-17 11:40:46.203root 11241100x8000000000000000139758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.203{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fe558d52ba048ff2021-12-17 11:40:46.203root 11241100x8000000000000000139759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.203{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.889c2299bec20ffe2021-12-17 11:40:46.203root 11241100x8000000000000000139760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.203{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1019a9d3905380162021-12-17 11:40:46.203root 11241100x8000000000000000139761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.203{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c817f24ea63082a82021-12-17 11:40:46.203root 11241100x8000000000000000139762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.204{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0084ccbd8c9adcd2021-12-17 11:40:46.204root 11241100x8000000000000000139763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.204{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55a77b7f795532b52021-12-17 11:40:46.204root 11241100x8000000000000000139764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.204{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3511152410896b52021-12-17 11:40:46.204root 11241100x8000000000000000139765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.204{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b632242f75a71c422021-12-17 11:40:46.204root 11241100x8000000000000000139766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.204{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28fed7cce85013a32021-12-17 11:40:46.204root 11241100x8000000000000000139767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.204{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09e2d0bf25b22e512021-12-17 11:40:46.204root 11241100x8000000000000000139768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.205{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99f8f3a5c839a64a2021-12-17 11:40:46.205root 11241100x8000000000000000139769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.205{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44966b6b259a14882021-12-17 11:40:46.205root 11241100x8000000000000000139770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.205{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc9b327a6c2306be2021-12-17 11:40:46.205root 11241100x8000000000000000139771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.205{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bfcb8c3eabcd06a2021-12-17 11:40:46.205root 11241100x8000000000000000139772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.205{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.164b5dec31da9e442021-12-17 11:40:46.205root 11241100x8000000000000000139773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.205{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9369f486239c2af2021-12-17 11:40:46.205root 11241100x8000000000000000139774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.206{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f3b96a2ff3ba7d02021-12-17 11:40:46.206root 11241100x8000000000000000139775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.206{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcaabcdd33e784a32021-12-17 11:40:46.206root 11241100x8000000000000000139776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.206{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf2c019c7ef807632021-12-17 11:40:46.206root 11241100x8000000000000000139777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.206{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.154080f9e265658e2021-12-17 11:40:46.206root 11241100x8000000000000000139778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.206{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc0c55fa7f1146282021-12-17 11:40:46.206root 11241100x8000000000000000139779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.206{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.148ba28c4d2a5a712021-12-17 11:40:46.206root 11241100x8000000000000000139780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.207{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c23d5aece2bf6f4f2021-12-17 11:40:46.207root 11241100x8000000000000000139781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.207{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb55f7d9ac98b8fe2021-12-17 11:40:46.207root 11241100x8000000000000000139782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.207{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.096ac99d718e74102021-12-17 11:40:46.207root 11241100x8000000000000000139783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.207{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.161e026db8ded2a32021-12-17 11:40:46.207root 11241100x8000000000000000139784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.207{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17e4c4901f6683ff2021-12-17 11:40:46.207root 11241100x8000000000000000139785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.207{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0637e61ced1b18a32021-12-17 11:40:46.207root 11241100x8000000000000000139786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.207{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3caa46df2889c3712021-12-17 11:40:46.207root 11241100x8000000000000000139787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.207{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83b47be4313b96ab2021-12-17 11:40:46.207root 11241100x8000000000000000139788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.208{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b3c6baa606a2f612021-12-17 11:40:46.208root 11241100x8000000000000000139789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.208{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1efd628f86970d52021-12-17 11:40:46.208root 11241100x8000000000000000139790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.208{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9d1d06ffbe0acec2021-12-17 11:40:46.208root 11241100x8000000000000000139791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.208{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b111e05d77b718022021-12-17 11:40:46.208root 11241100x8000000000000000139792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.208{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d59f8ab3acb732ce2021-12-17 11:40:46.208root 11241100x8000000000000000139793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.208{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41426a26dcf1427a2021-12-17 11:40:46.208root 11241100x8000000000000000139794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.208{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a28d1c0873020212021-12-17 11:40:46.208root 11241100x8000000000000000139795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.209{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52a916fa6429cf7d2021-12-17 11:40:46.209root 11241100x8000000000000000139796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.209{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3b376d3501c3d032021-12-17 11:40:46.209root 11241100x8000000000000000139797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.209{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d01504ead6f4a2f82021-12-17 11:40:46.209root 11241100x8000000000000000139798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.209{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.798d0d5a7064c69e2021-12-17 11:40:46.209root 11241100x8000000000000000139799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.209{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b55f2378f26d8ac2021-12-17 11:40:46.209root 11241100x8000000000000000139800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.209{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e4a579d5b1e13ee2021-12-17 11:40:46.209root 11241100x8000000000000000139801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.209{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3397eaa573864e6b2021-12-17 11:40:46.209root 11241100x8000000000000000139802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.210{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24bc8686bd10c6f82021-12-17 11:40:46.210root 11241100x8000000000000000139803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.210{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b46d46ad1cd31e92021-12-17 11:40:46.210root 11241100x8000000000000000139804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.210{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0a4ae351bfc646b2021-12-17 11:40:46.210root 11241100x8000000000000000139805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.210{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4526a387f764b19d2021-12-17 11:40:46.210root 11241100x8000000000000000139806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.210{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4c2c8fac7896b842021-12-17 11:40:46.210root 11241100x8000000000000000139807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.210{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93b838f4fe900af42021-12-17 11:40:46.210root 11241100x8000000000000000139808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.210{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cd1ca6a113e78042021-12-17 11:40:46.210root 11241100x8000000000000000139809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.211{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd6b202ff452c1092021-12-17 11:40:46.211root 11241100x8000000000000000139810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.211{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c582b2142a95901a2021-12-17 11:40:46.211root 11241100x8000000000000000139811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.214{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.807402c1141333b12021-12-17 11:40:46.214root 11241100x8000000000000000139812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.215{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35bc8134bf6e56912021-12-17 11:40:46.215root 11241100x8000000000000000139813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.215{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc57d477fd8822b72021-12-17 11:40:46.215root 11241100x8000000000000000139814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.215{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9fd2018c43ff5122021-12-17 11:40:46.215root 11241100x8000000000000000139815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.215{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d11e2369eaf343aa2021-12-17 11:40:46.215root 11241100x8000000000000000139816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.215{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b25132d3e5dcbce2021-12-17 11:40:46.215root 11241100x8000000000000000139817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.216{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1d99b52d1d01d292021-12-17 11:40:46.216root 11241100x8000000000000000139818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.216{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9bb4395f80c5bbb2021-12-17 11:40:46.216root 11241100x8000000000000000139819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.216{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41657e93235a14e42021-12-17 11:40:46.216root 11241100x8000000000000000139820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.216{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d37b0c0cf0813542021-12-17 11:40:46.216root 11241100x8000000000000000139821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.216{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94fac8c95c019b722021-12-17 11:40:46.216root 11241100x8000000000000000139822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.216{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.881e145184f756fa2021-12-17 11:40:46.216root 11241100x8000000000000000139823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.216{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5f94841e500bcc62021-12-17 11:40:46.216root 11241100x8000000000000000139824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.216{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e7597752d4475fb2021-12-17 11:40:46.216root 11241100x8000000000000000139825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.218{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.878fe7e2064c78192021-12-17 11:40:46.218root 11241100x8000000000000000139826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.218{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91267aa04edecd332021-12-17 11:40:46.218root 11241100x8000000000000000139827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.219{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce51a1f2db0ac6c52021-12-17 11:40:46.219root 11241100x8000000000000000139828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.221{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4076ab8cb77c1382021-12-17 11:40:46.221root 11241100x8000000000000000139829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.221{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30d45b4099896db82021-12-17 11:40:46.221root 11241100x8000000000000000139830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.221{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9893119c3e55eba42021-12-17 11:40:46.221root 11241100x8000000000000000139831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.221{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bef93927532761672021-12-17 11:40:46.221root 11241100x8000000000000000139832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.221{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66c526387dbc45b32021-12-17 11:40:46.221root 11241100x8000000000000000139833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.221{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28c26ee6144c25d02021-12-17 11:40:46.221root 11241100x8000000000000000139834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.221{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27a6fdc1383a62ac2021-12-17 11:40:46.221root 11241100x8000000000000000139835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.221{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2524ff35fb03af162021-12-17 11:40:46.221root 11241100x8000000000000000139836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.221{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.967c3885d8cde89c2021-12-17 11:40:46.221root 11241100x8000000000000000139837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.221{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92acf9213b6df8152021-12-17 11:40:46.221root 11241100x8000000000000000139838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.221{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a4c0b87e4a1883d2021-12-17 11:40:46.221root 11241100x8000000000000000139839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.221{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f3f91d6ce9057702021-12-17 11:40:46.221root 11241100x8000000000000000139840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.222{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b13dc0793c2b50312021-12-17 11:40:46.222root 11241100x8000000000000000139841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.222{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3ead0a69a6452a42021-12-17 11:40:46.222root 11241100x8000000000000000139842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.222{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45ab2ad4d59a67602021-12-17 11:40:46.222root 11241100x8000000000000000139843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.222{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9cb6b5eb5d1c5432021-12-17 11:40:46.222root 11241100x8000000000000000139844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.222{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7155aecfca421ec2021-12-17 11:40:46.222root 11241100x8000000000000000139845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.222{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6af11aaf702283032021-12-17 11:40:46.222root 11241100x8000000000000000139846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.222{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf10ee523a3defaf2021-12-17 11:40:46.222root 11241100x8000000000000000139847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.224{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d1a0a403f65b9d92021-12-17 11:40:46.224root 11241100x8000000000000000139848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.225{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4908fef729ac07072021-12-17 11:40:46.225root 11241100x8000000000000000139849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.225{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffebd43aec2832dc2021-12-17 11:40:46.225root 11241100x8000000000000000139850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.225{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37ec7f91a9de12352021-12-17 11:40:46.225root 11241100x8000000000000000139851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.226{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43dbe5950adff2e52021-12-17 11:40:46.226root 11241100x8000000000000000139852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.226{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8894b69ed310372d2021-12-17 11:40:46.226root 11241100x8000000000000000139853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.226{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93564e4b394ed2a82021-12-17 11:40:46.226root 11241100x8000000000000000139854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.226{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcade772f5f94c722021-12-17 11:40:46.226root 11241100x8000000000000000139855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.227{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd31c2d77fdb157d2021-12-17 11:40:46.227root 11241100x8000000000000000139856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.227{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.786a17cc7c80ce712021-12-17 11:40:46.227root 11241100x8000000000000000139857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.227{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09def2f6d043cf832021-12-17 11:40:46.227root 11241100x8000000000000000139858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.228{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.427b170294cfa94f2021-12-17 11:40:46.228root 11241100x8000000000000000139859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.228{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2bd2e2b02916aab2021-12-17 11:40:46.228root 11241100x8000000000000000139860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.228{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86adce234b8561ff2021-12-17 11:40:46.228root 11241100x8000000000000000139861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.228{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d47cf028215199b42021-12-17 11:40:46.228root 11241100x8000000000000000139862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.228{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e99baa5d7e1fab72021-12-17 11:40:46.228root 11241100x8000000000000000139863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.231{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80612919555df6192021-12-17 11:40:46.231root 11241100x8000000000000000139864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.231{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9b76633e071ad382021-12-17 11:40:46.231root 11241100x8000000000000000139865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.231{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9581ca0cfa2450a32021-12-17 11:40:46.231root 11241100x8000000000000000139866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.231{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac523e43028ba4b62021-12-17 11:40:46.231root 11241100x8000000000000000139867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.231{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12653a25a1fd268f2021-12-17 11:40:46.231root 11241100x8000000000000000139868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.231{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a7dd934e7f089aa2021-12-17 11:40:46.231root 11241100x8000000000000000139869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.232{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd4d46e8c9b88c552021-12-17 11:40:46.232root 11241100x8000000000000000139870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.232{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09b628d040e808f22021-12-17 11:40:46.232root 11241100x8000000000000000139871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.232{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94aef82e4b6c71972021-12-17 11:40:46.232root 11241100x8000000000000000139872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.232{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc84bc0bce9845352021-12-17 11:40:46.232root 11241100x8000000000000000139873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.232{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09a598eed5e86e512021-12-17 11:40:46.232root 11241100x8000000000000000139874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.232{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46f930892d4517e72021-12-17 11:40:46.232root 11241100x8000000000000000139875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.232{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33839f0b674427312021-12-17 11:40:46.232root 11241100x8000000000000000139876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.232{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ad76d06de22a68c2021-12-17 11:40:46.232root 11241100x8000000000000000139877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.232{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fce9abd7d877ab992021-12-17 11:40:46.232root 11241100x8000000000000000139878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.232{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6703e99ff74d19fd2021-12-17 11:40:46.232root 11241100x8000000000000000139879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.232{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b51a7e1779900d32021-12-17 11:40:46.232root 11241100x8000000000000000139880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.233{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da66fa50bdb441632021-12-17 11:40:46.233root 11241100x8000000000000000139881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.233{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a04cc8e4db410672021-12-17 11:40:46.233root 11241100x8000000000000000139882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.233{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4a3eeb6c50542ee2021-12-17 11:40:46.233root 11241100x8000000000000000139883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.233{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3978d2d9bc031a602021-12-17 11:40:46.233root 11241100x8000000000000000139884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.233{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0f5b67643f8685e2021-12-17 11:40:46.233root 11241100x8000000000000000139885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.233{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af29505e331255ab2021-12-17 11:40:46.233root 11241100x8000000000000000139886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.233{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03506893003b47412021-12-17 11:40:46.233root 11241100x8000000000000000139887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.233{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3d14d36f43fda312021-12-17 11:40:46.233root 11241100x8000000000000000139888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.233{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab2f26df03adc5892021-12-17 11:40:46.233root 11241100x8000000000000000139889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.234{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9e9f2a7c8a9caf72021-12-17 11:40:46.234root 11241100x8000000000000000139890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.234{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f2924bfd5d6499c2021-12-17 11:40:46.234root 11241100x8000000000000000139891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.234{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9af0bafce3409e32021-12-17 11:40:46.234root 11241100x8000000000000000139892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.234{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4f77da2fbc9c5582021-12-17 11:40:46.234root 11241100x8000000000000000139893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.234{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a3910344f4912ff2021-12-17 11:40:46.234root 11241100x8000000000000000139894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.234{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.189828491967434f2021-12-17 11:40:46.234root 11241100x8000000000000000139895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.234{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e352919ad3c57532021-12-17 11:40:46.234root 11241100x8000000000000000139896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.234{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33c2aa9d8adebf1f2021-12-17 11:40:46.234root 11241100x8000000000000000139897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.234{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec6993c2b201d3a62021-12-17 11:40:46.234root 11241100x8000000000000000139898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.234{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4c4eff1e4572f072021-12-17 11:40:46.234root 11241100x8000000000000000139899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.234{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4def2ab6be9f3ec2021-12-17 11:40:46.234root 11241100x8000000000000000139900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.235{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad65e8c90c98a85c2021-12-17 11:40:46.235root 11241100x8000000000000000139901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.235{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adba57a0e245121a2021-12-17 11:40:46.235root 11241100x8000000000000000139902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.235{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb6cade0a86ad36c2021-12-17 11:40:46.235root 11241100x8000000000000000139903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.235{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58e673cab129881f2021-12-17 11:40:46.235root 11241100x8000000000000000139904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.235{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0dde25e43c9c6a32021-12-17 11:40:46.235root 11241100x8000000000000000139905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.235{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b9c8b9d40f122b62021-12-17 11:40:46.235root 11241100x8000000000000000139906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.235{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.035cb206423ceeae2021-12-17 11:40:46.235root 11241100x8000000000000000139907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.235{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c446951288060612021-12-17 11:40:46.235root 11241100x8000000000000000139908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.235{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2e4d0e14631ba2d2021-12-17 11:40:46.235root 11241100x8000000000000000139909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.235{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e21a755df4e0f602021-12-17 11:40:46.235root 11241100x8000000000000000139910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.235{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b15f7e50ce5af8d82021-12-17 11:40:46.235root 11241100x8000000000000000139911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.236{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c80865ffb6af6ab2021-12-17 11:40:46.236root 11241100x8000000000000000139912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.236{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4f58913f2e498882021-12-17 11:40:46.236root 11241100x8000000000000000139913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.236{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.494990c1138d65492021-12-17 11:40:46.236root 11241100x8000000000000000139914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.236{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44e0eb3fe837f6e82021-12-17 11:40:46.236root 11241100x8000000000000000139915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.239{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a079a8ebe2e543c2021-12-17 11:40:46.239root 11241100x8000000000000000139916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.239{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cba1f34ad1d4e1c2021-12-17 11:40:46.239root 11241100x8000000000000000139917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.239{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d285ed27ca766d42021-12-17 11:40:46.239root 11241100x8000000000000000139918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.239{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abee508f046621072021-12-17 11:40:46.239root 11241100x8000000000000000139919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.239{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.363c9d70651bc6a52021-12-17 11:40:46.239root 11241100x8000000000000000139920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.239{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.579c3563d00b5ac62021-12-17 11:40:46.239root 11241100x8000000000000000139921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.240{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcfbe0d405ad066a2021-12-17 11:40:46.240root 11241100x8000000000000000139922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.240{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.768bc8d9450c596c2021-12-17 11:40:46.240root 11241100x8000000000000000139923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.240{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9fc82710cfe01b42021-12-17 11:40:46.240root 11241100x8000000000000000139924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.241{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.511897fcb61ea3ed2021-12-17 11:40:46.241root 11241100x8000000000000000139925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.242{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7df66fe69ae563d2021-12-17 11:40:46.242root 11241100x8000000000000000139926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.242{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f42e68419d4c71932021-12-17 11:40:46.242root 11241100x8000000000000000139927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.242{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22855caf43d451642021-12-17 11:40:46.242root 11241100x8000000000000000139928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.242{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93a6b8193ded05342021-12-17 11:40:46.242root 11241100x8000000000000000139929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.242{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.691c95b1ee3fdec42021-12-17 11:40:46.242root 11241100x8000000000000000139930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.242{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76c33f2e417297e22021-12-17 11:40:46.242root 11241100x8000000000000000139931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.242{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.100832536e3c2e302021-12-17 11:40:46.242root 11241100x8000000000000000139932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.242{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.751ebf465fd1ac982021-12-17 11:40:46.242root 11241100x8000000000000000139933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.243{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f889b091643d36fd2021-12-17 11:40:46.243root 11241100x8000000000000000139934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.243{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3ffcb48a565925e2021-12-17 11:40:46.243root 11241100x8000000000000000139935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.243{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b170d6b2d2f73da2021-12-17 11:40:46.243root 11241100x8000000000000000139936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.244{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a33528a14fa102d2021-12-17 11:40:46.244root 11241100x8000000000000000139937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.244{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a21dafde7b11e7812021-12-17 11:40:46.244root 11241100x8000000000000000139938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.244{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f1068906c70adb32021-12-17 11:40:46.244root 11241100x8000000000000000139939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.244{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8eebcc854a6c6332021-12-17 11:40:46.244root 11241100x8000000000000000139940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.556{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd8793c7d507186d2021-12-17 11:40:46.556root 11241100x8000000000000000139941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.556{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97b399fe3cc95aa92021-12-17 11:40:46.556root 11241100x8000000000000000139942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.556{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5312aa31a4f58f0b2021-12-17 11:40:46.556root 11241100x8000000000000000139943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f378b8600693075d2021-12-17 11:40:46.557root 11241100x8000000000000000139944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b224a7e7419d524e2021-12-17 11:40:46.557root 11241100x8000000000000000139945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.059202275ee620552021-12-17 11:40:46.557root 11241100x8000000000000000139946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93fc27aa9d214e212021-12-17 11:40:46.557root 11241100x8000000000000000139947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1873cec4454107bf2021-12-17 11:40:46.557root 11241100x8000000000000000139948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9715d328006760402021-12-17 11:40:46.557root 11241100x8000000000000000139949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39e67df78bddb1ff2021-12-17 11:40:46.557root 11241100x8000000000000000139950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d07a282f0b2acd72021-12-17 11:40:46.557root 11241100x8000000000000000139951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d6f503a99010e8d2021-12-17 11:40:46.557root 11241100x8000000000000000139952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d8bc62293c64d5e2021-12-17 11:40:46.558root 11241100x8000000000000000139953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e1ee6eaf41692ed2021-12-17 11:40:46.558root 11241100x8000000000000000139954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6d048946896e4a02021-12-17 11:40:46.558root 11241100x8000000000000000139955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aefc53791046c832021-12-17 11:40:46.558root 11241100x8000000000000000139956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d212ddea1977cd32021-12-17 11:40:46.558root 11241100x8000000000000000139957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0f1a7286febb4522021-12-17 11:40:46.558root 11241100x8000000000000000139958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2060bdcdaf7fb03c2021-12-17 11:40:46.558root 11241100x8000000000000000139959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.670099f2a16c00ec2021-12-17 11:40:46.558root 11241100x8000000000000000139960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eadbf08171e45fd2021-12-17 11:40:46.558root 11241100x8000000000000000139961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b353d64a3b1e1672021-12-17 11:40:46.558root 11241100x8000000000000000139962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61372a0bf9f919b72021-12-17 11:40:46.558root 11241100x8000000000000000139963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92f3803d752a6be92021-12-17 11:40:46.559root 11241100x8000000000000000139964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5064fec39bf4eebd2021-12-17 11:40:46.559root 11241100x8000000000000000139965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93bf7f83278f6fdf2021-12-17 11:40:46.559root 11241100x8000000000000000139966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5ad32fc8ddc06c32021-12-17 11:40:46.559root 11241100x8000000000000000139967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5c0dc13c1e9e5742021-12-17 11:40:46.559root 11241100x8000000000000000139968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97892b5603d1833b2021-12-17 11:40:46.560root 11241100x8000000000000000139969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e08fab4d689fb79e2021-12-17 11:40:46.560root 11241100x8000000000000000139970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b42f31e6f76f7342021-12-17 11:40:46.560root 11241100x8000000000000000139971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10a4c05a57be928a2021-12-17 11:40:46.560root 11241100x8000000000000000139972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.816952c476bb6a752021-12-17 11:40:46.560root 11241100x8000000000000000139973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb6249cb2e6901b62021-12-17 11:40:46.560root 11241100x8000000000000000139974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.749559da11d0c8b32021-12-17 11:40:46.561root 11241100x8000000000000000139975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.060160ea8914c2d22021-12-17 11:40:46.561root 11241100x8000000000000000139976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42e50f9d1f10e27d2021-12-17 11:40:46.561root 11241100x8000000000000000139977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6cfbc81fc3535062021-12-17 11:40:46.561root 11241100x8000000000000000139978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.771451860d5b32982021-12-17 11:40:46.561root 11241100x8000000000000000139979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3a2b15c684d1e5d2021-12-17 11:40:46.561root 11241100x8000000000000000139980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b05516d6e085ca02021-12-17 11:40:46.561root 11241100x8000000000000000139981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0d49a39189b9a122021-12-17 11:40:46.561root 11241100x8000000000000000139982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a499aa95e0e40d12021-12-17 11:40:46.562root 11241100x8000000000000000139983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.765c4b50013a5a2c2021-12-17 11:40:46.562root 11241100x8000000000000000139984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6f5daf74c78b96d2021-12-17 11:40:46.562root 11241100x8000000000000000139985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dea2d351f0a173752021-12-17 11:40:46.562root 11241100x8000000000000000139986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc67cb7fba6f2cb42021-12-17 11:40:46.562root 11241100x8000000000000000139987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.563{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f9f724cc9b26a5b2021-12-17 11:40:46.563root 11241100x8000000000000000139988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.563{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d52a0f9ea13f7dee2021-12-17 11:40:46.563root 11241100x8000000000000000139989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.563{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a30267b33f3b661e2021-12-17 11:40:46.563root 11241100x8000000000000000139990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.563{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4556f5fcf8ed54dc2021-12-17 11:40:46.563root 11241100x8000000000000000139991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.563{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6734775e6c4c6ae02021-12-17 11:40:46.563root 11241100x8000000000000000139992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.563{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58c917fca2ef16b52021-12-17 11:40:46.563root 11241100x8000000000000000139993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.563{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.901e035f8155da392021-12-17 11:40:46.563root 11241100x8000000000000000139994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.563{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49b0e2a872b6c07a2021-12-17 11:40:46.563root 11241100x8000000000000000139995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.563{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edbb4aa134ab83412021-12-17 11:40:46.563root 11241100x8000000000000000139996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.564{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6044c0e1aa81f4ad2021-12-17 11:40:46.564root 11241100x8000000000000000139997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.564{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccf33582830c03b62021-12-17 11:40:46.564root 11241100x8000000000000000139998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.564{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cd65cf3651a31ef2021-12-17 11:40:46.564root 11241100x8000000000000000139999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.564{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02c104ede4d29e852021-12-17 11:40:46.564root 11241100x8000000000000000140000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.564{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.452791eaffe0be382021-12-17 11:40:46.564root 11241100x8000000000000000140001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.564{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44d573cf4ef8d5842021-12-17 11:40:46.564root 11241100x8000000000000000140002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.564{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95cbacf20c419c342021-12-17 11:40:46.564root 11241100x8000000000000000140003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.564{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.477076a56afff88a2021-12-17 11:40:46.564root 11241100x8000000000000000140004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.564{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50efa6a712e2c14e2021-12-17 11:40:46.564root 11241100x8000000000000000140005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.564{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.296ebb3eaa92b1ef2021-12-17 11:40:46.564root 11241100x8000000000000000140006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.565{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ff00a9bcc4890092021-12-17 11:40:46.565root 11241100x8000000000000000140007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.565{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c5a4930d93c32aa2021-12-17 11:40:46.565root 11241100x8000000000000000140008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.565{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f3bb753c895d9272021-12-17 11:40:46.565root 11241100x8000000000000000140009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.565{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ca6572d5d7d32012021-12-17 11:40:46.565root 11241100x8000000000000000140010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.565{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6660510c78dcbd712021-12-17 11:40:46.565root 11241100x8000000000000000140011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.565{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc38efc3f2ec0afe2021-12-17 11:40:46.565root 11241100x8000000000000000140012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.565{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1132ca76efdb1b2d2021-12-17 11:40:46.565root 11241100x8000000000000000140013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.565{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ee5337629bdff8c2021-12-17 11:40:46.565root 11241100x8000000000000000140014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.565{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.681b9c3cd0ca8a032021-12-17 11:40:46.565root 11241100x8000000000000000140015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.565{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.877548e9cfc90a752021-12-17 11:40:46.565root 11241100x8000000000000000140016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.565{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7775d0e7fa0a6cd2021-12-17 11:40:46.565root 11241100x8000000000000000140017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.566{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ac727a2d4ad0f6d2021-12-17 11:40:46.566root 11241100x8000000000000000140018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.566{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2727aa2295e1060d2021-12-17 11:40:46.566root 11241100x8000000000000000140019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.566{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c64d37cf0172e6f12021-12-17 11:40:46.566root 11241100x8000000000000000140020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.566{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6df82ba6a26512492021-12-17 11:40:46.566root 11241100x8000000000000000140021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.566{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bf3b7431e38d8152021-12-17 11:40:46.566root 11241100x8000000000000000140022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.566{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad7bb68bb037e0f92021-12-17 11:40:46.566root 11241100x8000000000000000140023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.566{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66235a900399bbb62021-12-17 11:40:46.566root 11241100x8000000000000000140024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.566{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf5ee03f7e70d8372021-12-17 11:40:46.566root 11241100x8000000000000000140025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.566{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93ed1695b93fdf512021-12-17 11:40:46.566root 11241100x8000000000000000140026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.567{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eddb47d677a0b8102021-12-17 11:40:46.567root 11241100x8000000000000000140027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.567{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e82070e184f7e612021-12-17 11:40:46.567root 11241100x8000000000000000140028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.567{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bbbec0ba169d8012021-12-17 11:40:46.567root 11241100x8000000000000000140029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.567{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad76bf06881edc152021-12-17 11:40:46.567root 11241100x8000000000000000140030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.567{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8637df34c71e60f22021-12-17 11:40:46.567root 11241100x8000000000000000140031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.567{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1709c26365a0ce02021-12-17 11:40:46.567root 11241100x8000000000000000140032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.567{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b3a47383d608d7a2021-12-17 11:40:46.567root 11241100x8000000000000000140033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.567{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06401de347a7bcbf2021-12-17 11:40:46.567root 11241100x8000000000000000140034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.567{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bec6f53a2df64612021-12-17 11:40:46.567root 11241100x8000000000000000140035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.567{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28b891dda058ef602021-12-17 11:40:46.567root 11241100x8000000000000000140036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.568{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3037b8467501d332021-12-17 11:40:46.568root 11241100x8000000000000000140037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.568{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edd109fe1c6979282021-12-17 11:40:46.568root 11241100x8000000000000000140038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.568{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2c5734e159926652021-12-17 11:40:46.568root 11241100x8000000000000000140039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.568{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91f5f45e5a923a502021-12-17 11:40:46.568root 11241100x8000000000000000140040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.568{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.360058eaa3567e8e2021-12-17 11:40:46.568root 11241100x8000000000000000140041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.568{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dce06ac66a088432021-12-17 11:40:46.568root 11241100x8000000000000000140042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.568{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d6a4dbb5298e06a2021-12-17 11:40:46.568root 11241100x8000000000000000140043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.568{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70480f63ac70c9292021-12-17 11:40:46.568root 11241100x8000000000000000140044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.568{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7ed6f5e19ec7f4f2021-12-17 11:40:46.568root 11241100x8000000000000000140045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.568{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.230f453ecc4312b42021-12-17 11:40:46.568root 11241100x8000000000000000140046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.569{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.147bbfa5240e2cae2021-12-17 11:40:46.569root 11241100x8000000000000000140047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.569{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe0f826abb0ca9ac2021-12-17 11:40:46.569root 11241100x8000000000000000140048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.569{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a18592d549881882021-12-17 11:40:46.569root 11241100x8000000000000000140049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.569{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b633448e9e48af22021-12-17 11:40:46.569root 11241100x8000000000000000140050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.569{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3e1c2459018642f2021-12-17 11:40:46.569root 11241100x8000000000000000140051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.570{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07a8af58ac2595b72021-12-17 11:40:46.570root 11241100x8000000000000000140052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:46.570{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.880405035879c1032021-12-17 11:40:46.570root 11241100x8000000000000000140053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1127821b6f8d22592021-12-17 11:40:47.057root 11241100x8000000000000000140054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f66c18d75a012712021-12-17 11:40:47.057root 11241100x8000000000000000140055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ee6b32eae373b5c2021-12-17 11:40:47.058root 11241100x8000000000000000140056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.961b3e8b15efe7d52021-12-17 11:40:47.058root 11241100x8000000000000000140057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7040b6e72e526b832021-12-17 11:40:47.059root 11241100x8000000000000000140058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19479267e5f529a42021-12-17 11:40:47.059root 11241100x8000000000000000140059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fffa4eedd761ea52021-12-17 11:40:47.059root 11241100x8000000000000000140060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.712b43619df44b662021-12-17 11:40:47.060root 11241100x8000000000000000140061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cdec622898d46dd2021-12-17 11:40:47.060root 11241100x8000000000000000140062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.435886b47515e1372021-12-17 11:40:47.060root 11241100x8000000000000000140063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30304bb01b2e375d2021-12-17 11:40:47.060root 11241100x8000000000000000140064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6358914415d780772021-12-17 11:40:47.061root 11241100x8000000000000000140065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48714164c49cab042021-12-17 11:40:47.061root 11241100x8000000000000000140066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dde65eca87e5ac32021-12-17 11:40:47.061root 11241100x8000000000000000140067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7178f43fb3f2b1f2021-12-17 11:40:47.062root 11241100x8000000000000000140068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9220b535960aeac2021-12-17 11:40:47.062root 11241100x8000000000000000140069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.676624eee9d094b32021-12-17 11:40:47.062root 11241100x8000000000000000140070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.063{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.887243b8d442a58f2021-12-17 11:40:47.063root 11241100x8000000000000000140071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.063{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7645ff2017528ea12021-12-17 11:40:47.063root 11241100x8000000000000000140072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.063{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db050f7475d350332021-12-17 11:40:47.063root 11241100x8000000000000000140073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.063{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a29f21195e02a8182021-12-17 11:40:47.063root 11241100x8000000000000000140074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.064{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a91627c2d55c610b2021-12-17 11:40:47.064root 11241100x8000000000000000140075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.064{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8cff1de78f664d02021-12-17 11:40:47.064root 11241100x8000000000000000140076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.064{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7153052f4e910232021-12-17 11:40:47.064root 11241100x8000000000000000140077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.064{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d955615855d967f42021-12-17 11:40:47.064root 11241100x8000000000000000140078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.064{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3f5a403244ddf9d2021-12-17 11:40:47.064root 11241100x8000000000000000140079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.064{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdf19a09768575232021-12-17 11:40:47.064root 11241100x8000000000000000140080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.064{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e27df267614a63b2021-12-17 11:40:47.064root 11241100x8000000000000000140081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.064{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f211b132d73f36e72021-12-17 11:40:47.064root 11241100x8000000000000000140082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.064{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebedff27fb3a5e2d2021-12-17 11:40:47.064root 11241100x8000000000000000140083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.065{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb06f414544fd05a2021-12-17 11:40:47.065root 11241100x8000000000000000140084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.065{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0725a0da5fdfc7432021-12-17 11:40:47.065root 11241100x8000000000000000140085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.065{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f671ef421f9b0bd42021-12-17 11:40:47.065root 11241100x8000000000000000140086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.065{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2741a93878564b772021-12-17 11:40:47.065root 11241100x8000000000000000140087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.065{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13b29d4287224fdd2021-12-17 11:40:47.065root 11241100x8000000000000000140088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.065{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fa020d4ea84abd62021-12-17 11:40:47.065root 11241100x8000000000000000140089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.065{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7567b0a84bd73e072021-12-17 11:40:47.065root 11241100x8000000000000000140090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.065{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8ca9a05c430a7172021-12-17 11:40:47.065root 11241100x8000000000000000140091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.065{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.def0031600097a6e2021-12-17 11:40:47.065root 11241100x8000000000000000140092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.066{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.291d5771a243fd032021-12-17 11:40:47.066root 11241100x8000000000000000140093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.066{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c25683e5fc53839f2021-12-17 11:40:47.066root 11241100x8000000000000000140094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.066{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.627a5e96642fa5272021-12-17 11:40:47.066root 11241100x8000000000000000140095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.066{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a4721bab12e1fd22021-12-17 11:40:47.066root 11241100x8000000000000000140096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.066{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ddc2a5d3e7dda172021-12-17 11:40:47.066root 11241100x8000000000000000140097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.066{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f0ee315e00c85312021-12-17 11:40:47.066root 11241100x8000000000000000140098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.067{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cff4b8ca1c92e2df2021-12-17 11:40:47.067root 11241100x8000000000000000140099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.067{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76efa9c9367ad27e2021-12-17 11:40:47.067root 11241100x8000000000000000140100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.067{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a78fb3f274620ab62021-12-17 11:40:47.067root 11241100x8000000000000000140101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.067{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab40136cca7848092021-12-17 11:40:47.067root 11241100x8000000000000000140102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.067{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.214fcefc107935662021-12-17 11:40:47.067root 11241100x8000000000000000140103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.067{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b160937e8b9d14b2021-12-17 11:40:47.067root 11241100x8000000000000000140104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.067{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.010f3dd263ad2ce72021-12-17 11:40:47.067root 11241100x8000000000000000140105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.067{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c80c910957e6937b2021-12-17 11:40:47.067root 11241100x8000000000000000140106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.067{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a158c4fc79ee4a4a2021-12-17 11:40:47.067root 11241100x8000000000000000140107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.067{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbf2be77412b1d2b2021-12-17 11:40:47.067root 11241100x8000000000000000140108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.067{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d45ff860fb5a89c72021-12-17 11:40:47.067root 11241100x8000000000000000140109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.067{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7292745c67749c3b2021-12-17 11:40:47.067root 11241100x8000000000000000140110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.067{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c50c5ec618c971f22021-12-17 11:40:47.067root 11241100x8000000000000000140111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.067{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c559cadaeab47642021-12-17 11:40:47.067root 11241100x8000000000000000140112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.067{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8b7fd91a79a77f82021-12-17 11:40:47.067root 11241100x8000000000000000140113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.068{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e5ac1067717e0552021-12-17 11:40:47.068root 11241100x8000000000000000140114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.068{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2e7b607d13d68de2021-12-17 11:40:47.068root 11241100x8000000000000000140115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.068{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19adad6cd84b75f22021-12-17 11:40:47.068root 11241100x8000000000000000140116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.068{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.198e8cf5eeabbc032021-12-17 11:40:47.068root 11241100x8000000000000000140117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.068{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.514574127ae56bc22021-12-17 11:40:47.068root 11241100x8000000000000000140118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.068{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2c025732a8bef732021-12-17 11:40:47.068root 11241100x8000000000000000140119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.068{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e0906c35b6ea6632021-12-17 11:40:47.068root 11241100x8000000000000000140120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.068{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59309580920d37e12021-12-17 11:40:47.068root 11241100x8000000000000000140121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.068{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6137d015df73f9e92021-12-17 11:40:47.068root 11241100x8000000000000000140122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.068{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cd5b7be02038ea62021-12-17 11:40:47.068root 11241100x8000000000000000140123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.068{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68d8bf355b98e1db2021-12-17 11:40:47.068root 11241100x8000000000000000140124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.068{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bd199ee063fd2832021-12-17 11:40:47.068root 11241100x8000000000000000140125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.068{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7860ba385be492f12021-12-17 11:40:47.068root 11241100x8000000000000000140126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.068{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b911fa72b91e4ff92021-12-17 11:40:47.068root 11241100x8000000000000000140127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.068{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6235c71ab5130a12021-12-17 11:40:47.068root 11241100x8000000000000000140128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.069{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f6f89ba8ee16d3b2021-12-17 11:40:47.069root 11241100x8000000000000000140129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.069{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1b19c4b23692f642021-12-17 11:40:47.069root 11241100x8000000000000000140130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.069{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.934ae04e433f7a612021-12-17 11:40:47.069root 11241100x8000000000000000140131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.069{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.064b925027a873902021-12-17 11:40:47.069root 11241100x8000000000000000140132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.069{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71c76e29cc0dc25e2021-12-17 11:40:47.069root 11241100x8000000000000000140133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.069{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92ced3032ff12ce02021-12-17 11:40:47.069root 11241100x8000000000000000140134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.069{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e5fc5297776e3b42021-12-17 11:40:47.069root 11241100x8000000000000000140135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.069{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61e74487540c0fc32021-12-17 11:40:47.069root 11241100x8000000000000000140136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.069{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e009a9bde36822a72021-12-17 11:40:47.069root 11241100x8000000000000000140137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.069{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3575cb8667f6da032021-12-17 11:40:47.069root 11241100x8000000000000000140138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.069{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fadafaa8741411f92021-12-17 11:40:47.069root 11241100x8000000000000000140139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.069{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf7689af6f614f952021-12-17 11:40:47.069root 11241100x8000000000000000140140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.069{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af30aaa8f391716a2021-12-17 11:40:47.069root 11241100x8000000000000000140141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.069{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.025162b89be1b1132021-12-17 11:40:47.069root 11241100x8000000000000000140142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.070{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91d78d27c13439cf2021-12-17 11:40:47.070root 11241100x8000000000000000140143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.070{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38f47e099b87f2ad2021-12-17 11:40:47.070root 11241100x8000000000000000140144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.070{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92ca14f75478ab612021-12-17 11:40:47.070root 11241100x8000000000000000140145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.070{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9352d4cf9d35d6f92021-12-17 11:40:47.070root 11241100x8000000000000000140146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.070{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b11da24968427412021-12-17 11:40:47.070root 11241100x8000000000000000140147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.070{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffa8d7569ff529a42021-12-17 11:40:47.070root 11241100x8000000000000000140148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.070{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdcc163924e557d72021-12-17 11:40:47.070root 11241100x8000000000000000140149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.070{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16261d2c97408c582021-12-17 11:40:47.070root 11241100x8000000000000000140150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.070{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efc8001c1da83b7a2021-12-17 11:40:47.070root 11241100x8000000000000000140151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.070{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d5996445d69a9df2021-12-17 11:40:47.070root 11241100x8000000000000000140152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.071{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d82b0fb0c6b16dde2021-12-17 11:40:47.071root 11241100x8000000000000000140153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.071{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.054d802e50dd8ca62021-12-17 11:40:47.071root 11241100x8000000000000000140154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.071{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d385c355df2390d82021-12-17 11:40:47.071root 11241100x8000000000000000140155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.071{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d114d5ba3545d1a2021-12-17 11:40:47.071root 11241100x8000000000000000140156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.071{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5926aed2d8e199412021-12-17 11:40:47.071root 11241100x8000000000000000140157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.071{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.371aef4c5e8b0ca12021-12-17 11:40:47.071root 11241100x8000000000000000140158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.071{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce0a78fb4fb2ba4a2021-12-17 11:40:47.071root 11241100x8000000000000000140159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.071{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47bc871de08211a12021-12-17 11:40:47.071root 11241100x8000000000000000140160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.072{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07cd856edbaf5e662021-12-17 11:40:47.072root 11241100x8000000000000000140161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.072{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2e1c801bc580c3a2021-12-17 11:40:47.072root 11241100x8000000000000000140162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.078{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70793f051dd5c1c82021-12-17 11:40:47.078root 11241100x8000000000000000140163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.078{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a3e2c1114ae3e0e2021-12-17 11:40:47.078root 11241100x8000000000000000140164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.078{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d91d11d12adeaa222021-12-17 11:40:47.078root 11241100x8000000000000000140165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.078{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0166f7e0a575bbfb2021-12-17 11:40:47.078root 11241100x8000000000000000140166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.078{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38505379d529a0562021-12-17 11:40:47.078root 11241100x8000000000000000140167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.078{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.589149ed6c54502d2021-12-17 11:40:47.078root 11241100x8000000000000000140168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.078{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94d5b566bb5e740f2021-12-17 11:40:47.078root 11241100x8000000000000000140169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.078{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.627c911639cfc0e32021-12-17 11:40:47.078root 11241100x8000000000000000140170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.078{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9e3a54d3890174c2021-12-17 11:40:47.078root 11241100x8000000000000000140171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.078{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4f0b2768d717ce82021-12-17 11:40:47.078root 11241100x8000000000000000140172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.078{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3187d010f4fc5e272021-12-17 11:40:47.078root 11241100x8000000000000000140173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.078{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd51077f05bfab262021-12-17 11:40:47.078root 11241100x8000000000000000140174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.078{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c60df2e6af219ba22021-12-17 11:40:47.078root 11241100x8000000000000000140175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.078{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f10486edb0d7b212021-12-17 11:40:47.078root 11241100x8000000000000000140176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.078{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f10d4785587abbb32021-12-17 11:40:47.078root 11241100x8000000000000000140177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.079{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4489d3b826bdb62e2021-12-17 11:40:47.079root 11241100x8000000000000000140178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.079{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8803bcbeed566e502021-12-17 11:40:47.079root 11241100x8000000000000000140179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.079{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05f086a3d3e8e5232021-12-17 11:40:47.079root 11241100x8000000000000000140180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.079{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2e5da29123ffade2021-12-17 11:40:47.079root 11241100x8000000000000000140181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.079{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fbea10d60f42b4f2021-12-17 11:40:47.079root 11241100x8000000000000000140182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.079{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e61f125d498e7d482021-12-17 11:40:47.079root 11241100x8000000000000000140183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.079{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2417ffef1ea1b342021-12-17 11:40:47.079root 11241100x8000000000000000140184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.079{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92a3a7074aa072242021-12-17 11:40:47.079root 11241100x8000000000000000140185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.079{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4feaec4f544d3522021-12-17 11:40:47.079root 11241100x8000000000000000140186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.079{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02da3cdcd6ec1dd92021-12-17 11:40:47.079root 11241100x8000000000000000140187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.079{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c290f5e3aad02da52021-12-17 11:40:47.079root 11241100x8000000000000000140188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.079{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ebbec82f9efa16b2021-12-17 11:40:47.079root 11241100x8000000000000000140189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.079{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45c005b1a36c75d62021-12-17 11:40:47.079root 11241100x8000000000000000140190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.079{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a7e43d2abac52462021-12-17 11:40:47.079root 11241100x8000000000000000140191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.079{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69091cb1bd5279d82021-12-17 11:40:47.079root 11241100x8000000000000000140192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.079{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6751a21a8b3c44e52021-12-17 11:40:47.079root 11241100x8000000000000000140193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.080{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ebe3499a3cf68ff2021-12-17 11:40:47.080root 11241100x8000000000000000140194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.080{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d897e35a136fc632021-12-17 11:40:47.080root 11241100x8000000000000000140195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.080{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c68c0fd6c5bdf81b2021-12-17 11:40:47.080root 11241100x8000000000000000140196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.080{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afe4da7921db10372021-12-17 11:40:47.080root 11241100x8000000000000000140197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.082{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d82dd9df4a2d5c282021-12-17 11:40:47.082root 11241100x8000000000000000140198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.082{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b56c3c965bd5d5b2021-12-17 11:40:47.082root 11241100x8000000000000000140199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.082{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef57c00c08199c312021-12-17 11:40:47.082root 11241100x8000000000000000140200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.083{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2440c1dc56501c52021-12-17 11:40:47.083root 11241100x8000000000000000140201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.083{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48cf7b728599bd802021-12-17 11:40:47.083root 11241100x8000000000000000140202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.083{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecc8e34a39fe43dc2021-12-17 11:40:47.083root 11241100x8000000000000000140203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.083{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e77748f12d4f3332021-12-17 11:40:47.083root 11241100x8000000000000000140204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.083{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e03b0574a29378172021-12-17 11:40:47.083root 11241100x8000000000000000140205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.083{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e3ba6a004d2a2722021-12-17 11:40:47.083root 11241100x8000000000000000140206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.083{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8716129e278e82b22021-12-17 11:40:47.083root 11241100x8000000000000000140207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.083{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f8a4bca384d52912021-12-17 11:40:47.083root 11241100x8000000000000000140208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.083{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1efe1b33971ad47b2021-12-17 11:40:47.083root 11241100x8000000000000000140209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.083{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e4d8bfeb4f4c2302021-12-17 11:40:47.083root 11241100x8000000000000000140210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.083{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f5fbd4acaa12a502021-12-17 11:40:47.083root 11241100x8000000000000000140211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.083{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50de79f1cb2b30ad2021-12-17 11:40:47.083root 11241100x8000000000000000140212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.083{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bd2288fa9f5d5012021-12-17 11:40:47.083root 11241100x8000000000000000140213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.083{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6552e6107fcd556e2021-12-17 11:40:47.083root 11241100x8000000000000000140214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.083{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0409872991355bdb2021-12-17 11:40:47.083root 11241100x8000000000000000140215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.084{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b997e2d2406b8a32021-12-17 11:40:47.084root 11241100x8000000000000000140216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.084{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a1165cb7d7d6c382021-12-17 11:40:47.084root 11241100x8000000000000000140217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.084{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13ba4d04c09239af2021-12-17 11:40:47.084root 11241100x8000000000000000140218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.084{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16727eb5da2d71162021-12-17 11:40:47.084root 11241100x8000000000000000140219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.084{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e2df5d26611d1dc2021-12-17 11:40:47.084root 11241100x8000000000000000140220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.084{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fcef4d0d5cab7142021-12-17 11:40:47.084root 11241100x8000000000000000140221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.084{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72dfd1f1fd8eb5512021-12-17 11:40:47.084root 11241100x8000000000000000140222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.084{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd6f4d724a48a9bb2021-12-17 11:40:47.084root 11241100x8000000000000000140223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.084{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9258913c8e67b07b2021-12-17 11:40:47.084root 11241100x8000000000000000140224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.084{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aec86b56b61dcb62021-12-17 11:40:47.084root 11241100x8000000000000000140225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.084{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24c957c844d56c682021-12-17 11:40:47.084root 11241100x8000000000000000140226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.084{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d96d12f7834a8d642021-12-17 11:40:47.084root 11241100x8000000000000000140227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.084{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35ef98ced5384d772021-12-17 11:40:47.084root 11241100x8000000000000000140228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.084{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1109a7e0d40a14d12021-12-17 11:40:47.084root 11241100x8000000000000000140229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.084{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ba51d30718660db2021-12-17 11:40:47.084root 11241100x8000000000000000140230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.084{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bb52943da54710b2021-12-17 11:40:47.084root 11241100x8000000000000000140231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.084{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7242f186e3e900d92021-12-17 11:40:47.084root 11241100x8000000000000000140232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.085{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93ba11dbdf931d642021-12-17 11:40:47.085root 11241100x8000000000000000140233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.085{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ecc6f6e09a80d0e2021-12-17 11:40:47.085root 11241100x8000000000000000140234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.085{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbc0e6d27eec1a232021-12-17 11:40:47.085root 11241100x8000000000000000140235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.085{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96ab97c2ea0a01902021-12-17 11:40:47.085root 11241100x8000000000000000140236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.085{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72fa1a998889b1f72021-12-17 11:40:47.085root 11241100x8000000000000000140237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.085{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95c2f4a06470c7592021-12-17 11:40:47.085root 11241100x8000000000000000140238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.085{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7471cfd4db7899602021-12-17 11:40:47.085root 11241100x8000000000000000140239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.085{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78806e5036e762492021-12-17 11:40:47.085root 11241100x8000000000000000140240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.085{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.786f77fe00be769e2021-12-17 11:40:47.085root 11241100x8000000000000000140241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.085{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23afa5f1965ab1aa2021-12-17 11:40:47.085root 11241100x8000000000000000140242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.085{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff10526e4c00d9a42021-12-17 11:40:47.085root 11241100x8000000000000000140243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.085{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18d384c89953cd482021-12-17 11:40:47.085root 11241100x8000000000000000140244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.085{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9cf31d939a5d9372021-12-17 11:40:47.085root 11241100x8000000000000000140245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.085{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b45b11b34dd8521a2021-12-17 11:40:47.085root 11241100x8000000000000000140246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.085{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8216858ec2d0af132021-12-17 11:40:47.085root 11241100x8000000000000000140247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.085{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f64e34870df48242021-12-17 11:40:47.085root 11241100x8000000000000000140248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.086{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b859f888e89181172021-12-17 11:40:47.086root 11241100x8000000000000000140249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.086{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1098e132c24f6c252021-12-17 11:40:47.086root 11241100x8000000000000000140250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.086{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f19a2e8368c42c832021-12-17 11:40:47.086root 11241100x8000000000000000140251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.086{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36dff28d4f7797c22021-12-17 11:40:47.086root 11241100x8000000000000000140252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.086{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4b893b934c0471d2021-12-17 11:40:47.086root 11241100x8000000000000000140253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.086{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1b9fd9ab7f00bf02021-12-17 11:40:47.086root 11241100x8000000000000000140254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.086{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b2c6934fd156c252021-12-17 11:40:47.086root 11241100x8000000000000000140255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.086{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.805dd24e8f94f9322021-12-17 11:40:47.086root 11241100x8000000000000000140256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.086{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90c0f61d30aa38702021-12-17 11:40:47.086root 11241100x8000000000000000140257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.086{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cbf623be7324e192021-12-17 11:40:47.086root 11241100x8000000000000000140258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.086{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e58da2c2b8d793f32021-12-17 11:40:47.086root 11241100x8000000000000000140259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.086{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.011c3c31f8f8b5322021-12-17 11:40:47.086root 11241100x8000000000000000140260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.086{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b4c2b3c6b1d5d832021-12-17 11:40:47.086root 11241100x8000000000000000140261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.086{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47f4162f02177dbb2021-12-17 11:40:47.086root 11241100x8000000000000000140262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.086{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4101042ca31b09472021-12-17 11:40:47.086root 11241100x8000000000000000140263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.729a1acf9e52e2942021-12-17 11:40:47.557root 11241100x8000000000000000140264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ce443257ae7f9b82021-12-17 11:40:47.557root 11241100x8000000000000000140265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d07a8e0f9a36ac5f2021-12-17 11:40:47.557root 11241100x8000000000000000140266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fed6e8d1482fd1e2021-12-17 11:40:47.557root 11241100x8000000000000000140267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcd9df6d7fc1a4142021-12-17 11:40:47.557root 11241100x8000000000000000140268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7b134eb7836c2532021-12-17 11:40:47.558root 11241100x8000000000000000140269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d93fd2b2b471221d2021-12-17 11:40:47.558root 11241100x8000000000000000140270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b3342a1a7be99672021-12-17 11:40:47.558root 11241100x8000000000000000140271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41745d16a89ba46d2021-12-17 11:40:47.558root 11241100x8000000000000000140272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74804bddc0c0d60e2021-12-17 11:40:47.558root 11241100x8000000000000000140273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25d61a9a998d1e0b2021-12-17 11:40:47.558root 11241100x8000000000000000140274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac6c904f73d94df02021-12-17 11:40:47.558root 11241100x8000000000000000140275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a703413900991e72021-12-17 11:40:47.558root 11241100x8000000000000000140276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f4842c7455a3dbf2021-12-17 11:40:47.559root 11241100x8000000000000000140277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b0f62ed78060dda2021-12-17 11:40:47.559root 11241100x8000000000000000140278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c06f49673552e3942021-12-17 11:40:47.559root 11241100x8000000000000000140279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.119f032967f643682021-12-17 11:40:47.559root 11241100x8000000000000000140280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.555ba0b55bd6fcbb2021-12-17 11:40:47.559root 11241100x8000000000000000140281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80c42fefef463d6a2021-12-17 11:40:47.559root 11241100x8000000000000000140282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b10c93e9bdf4edcf2021-12-17 11:40:47.559root 11241100x8000000000000000140283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72c59bea47a579ac2021-12-17 11:40:47.559root 11241100x8000000000000000140284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.479923f93b3492de2021-12-17 11:40:47.560root 11241100x8000000000000000140285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29e47fb1f28be2f02021-12-17 11:40:47.560root 11241100x8000000000000000140286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54c92420144e99e12021-12-17 11:40:47.560root 11241100x8000000000000000140287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3199140549739de92021-12-17 11:40:47.560root 11241100x8000000000000000140288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bff2b590c9376f3b2021-12-17 11:40:47.560root 11241100x8000000000000000140289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dba17f54105de7412021-12-17 11:40:47.560root 11241100x8000000000000000140290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd7f350ae4df0f2d2021-12-17 11:40:47.560root 11241100x8000000000000000140291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdde3edf0532d3842021-12-17 11:40:47.560root 11241100x8000000000000000140292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf884649d362bea32021-12-17 11:40:47.560root 11241100x8000000000000000140293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1885346bf5f7b922021-12-17 11:40:47.560root 11241100x8000000000000000140294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e030e8fc190be2662021-12-17 11:40:47.561root 11241100x8000000000000000140295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28c4765d1102c4162021-12-17 11:40:47.561root 11241100x8000000000000000140296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.847094a97d7cc3982021-12-17 11:40:47.561root 11241100x8000000000000000140297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.801e132a012909f82021-12-17 11:40:47.561root 11241100x8000000000000000140298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1835e2ebd54be7b22021-12-17 11:40:47.562root 11241100x8000000000000000140299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77a9cd081476296f2021-12-17 11:40:47.562root 11241100x8000000000000000140300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbcabb89eac58d1e2021-12-17 11:40:47.562root 11241100x8000000000000000140301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9d026374b0f0a622021-12-17 11:40:47.562root 11241100x8000000000000000140302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37e6cd1651cab3682021-12-17 11:40:47.562root 11241100x8000000000000000140303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55a9b83dbe6618582021-12-17 11:40:47.562root 11241100x8000000000000000140304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.999ce64b9d151ee22021-12-17 11:40:47.562root 11241100x8000000000000000140305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.563{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6314c15d437af5c2021-12-17 11:40:47.563root 11241100x8000000000000000140306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.563{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0d31168473b4f122021-12-17 11:40:47.563root 11241100x8000000000000000140307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.563{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39960b4ef459275e2021-12-17 11:40:47.563root 11241100x8000000000000000140308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.563{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6d035ccf41acf592021-12-17 11:40:47.563root 11241100x8000000000000000140309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.564{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62c0ed785a28e9262021-12-17 11:40:47.564root 11241100x8000000000000000140310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.564{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3177c9f160437a492021-12-17 11:40:47.564root 11241100x8000000000000000140311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.564{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae7ef96f135dc7132021-12-17 11:40:47.564root 11241100x8000000000000000140312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.565{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f3dc3dc46f05aec2021-12-17 11:40:47.565root 11241100x8000000000000000140313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.565{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43b455b741ac0c792021-12-17 11:40:47.565root 11241100x8000000000000000140314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.565{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.483c445a2296024f2021-12-17 11:40:47.565root 11241100x8000000000000000140315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.565{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b9dbae33564a8452021-12-17 11:40:47.565root 11241100x8000000000000000140316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.565{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c40267e944866c92021-12-17 11:40:47.565root 11241100x8000000000000000140317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.565{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1446cdaab81aee762021-12-17 11:40:47.565root 11241100x8000000000000000140318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.565{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c6bb2263433a5542021-12-17 11:40:47.565root 11241100x8000000000000000140319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.566{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c34feb506faf0c132021-12-17 11:40:47.566root 11241100x8000000000000000140320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.566{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abde34060b0066d82021-12-17 11:40:47.566root 11241100x8000000000000000140321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.566{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb2e0e95402b7b902021-12-17 11:40:47.566root 11241100x8000000000000000140322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.566{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e6982f1da966ba62021-12-17 11:40:47.566root 11241100x8000000000000000140323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.566{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34de675107995c402021-12-17 11:40:47.566root 11241100x8000000000000000140324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.566{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b21a628bb9f3e2bd2021-12-17 11:40:47.566root 11241100x8000000000000000140325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.566{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33b3fd5c92c7281e2021-12-17 11:40:47.566root 11241100x8000000000000000140326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.567{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad3887cb67d4362a2021-12-17 11:40:47.567root 11241100x8000000000000000140327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.567{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd8ce934960a3f1a2021-12-17 11:40:47.567root 11241100x8000000000000000140328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.567{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66bc8c8eff13eaed2021-12-17 11:40:47.567root 11241100x8000000000000000140329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.567{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5be572c008ef96812021-12-17 11:40:47.567root 11241100x8000000000000000140330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.567{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a33b8fba809927d2021-12-17 11:40:47.567root 11241100x8000000000000000140331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.567{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34f531ee6baa9a4c2021-12-17 11:40:47.567root 11241100x8000000000000000140332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.567{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73e9227667ba23ee2021-12-17 11:40:47.567root 11241100x8000000000000000140333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.567{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be04c5fba7f09db52021-12-17 11:40:47.567root 11241100x8000000000000000140334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.567{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a3f5bb69d0c84eb2021-12-17 11:40:47.567root 11241100x8000000000000000140335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.567{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1a8c474119b87372021-12-17 11:40:47.567root 11241100x8000000000000000140336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.568{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b153f23072cf5c8c2021-12-17 11:40:47.568root 11241100x8000000000000000140337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.568{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7bbeaff42a23aac2021-12-17 11:40:47.568root 11241100x8000000000000000140338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.568{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.063ed525a1a7e6d42021-12-17 11:40:47.568root 11241100x8000000000000000140339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.569{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21dd00d96595bf452021-12-17 11:40:47.569root 11241100x8000000000000000140340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.569{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebe2bc689c563f712021-12-17 11:40:47.569root 11241100x8000000000000000140341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.569{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8bf0b1c1588f5dc2021-12-17 11:40:47.569root 11241100x8000000000000000140342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.569{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.792dedf0074c8eea2021-12-17 11:40:47.569root 11241100x8000000000000000140343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.569{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69779e72699c52b82021-12-17 11:40:47.569root 11241100x8000000000000000140344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.569{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.526148fffa963e6a2021-12-17 11:40:47.569root 11241100x8000000000000000140345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.569{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f36ac4e820f46e502021-12-17 11:40:47.569root 11241100x8000000000000000140346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.569{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f54cee614beb91cb2021-12-17 11:40:47.569root 11241100x8000000000000000140347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.570{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.741f015fef46896e2021-12-17 11:40:47.570root 11241100x8000000000000000140348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.570{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f449c5bed1eadece2021-12-17 11:40:47.570root 11241100x8000000000000000140349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.570{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99db6bb20edb586d2021-12-17 11:40:47.570root 11241100x8000000000000000140350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.570{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b912b717666f07122021-12-17 11:40:47.570root 11241100x8000000000000000140351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.570{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f286981a840112602021-12-17 11:40:47.570root 11241100x8000000000000000140352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.570{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e73062819628ae0b2021-12-17 11:40:47.570root 11241100x8000000000000000140353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.570{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08bd1e9003f9dfe42021-12-17 11:40:47.570root 11241100x8000000000000000140354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.571{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4233c0728075d23a2021-12-17 11:40:47.571root 11241100x8000000000000000140355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.571{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a019a9b834b096352021-12-17 11:40:47.571root 11241100x8000000000000000140356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.571{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a0754afeb342ea62021-12-17 11:40:47.571root 11241100x8000000000000000140357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.571{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e777a2ae43c6c0952021-12-17 11:40:47.571root 11241100x8000000000000000140358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.571{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e82adefe14b1f3d82021-12-17 11:40:47.571root 11241100x8000000000000000140359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.571{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c647d5bfbde639a2021-12-17 11:40:47.571root 11241100x8000000000000000140360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.572{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.313288e91891dda02021-12-17 11:40:47.572root 11241100x8000000000000000140361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.572{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.595634a7d19228432021-12-17 11:40:47.572root 11241100x8000000000000000140362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.573{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6881a25e1466f7482021-12-17 11:40:47.573root 11241100x8000000000000000140363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.573{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02a420d9e239baf92021-12-17 11:40:47.573root 11241100x8000000000000000140364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.573{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2b77d1f8c63df2b2021-12-17 11:40:47.573root 11241100x8000000000000000140365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.573{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b10c2cca1aeb96742021-12-17 11:40:47.573root 11241100x8000000000000000140366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.573{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2554639dd3b795352021-12-17 11:40:47.573root 11241100x8000000000000000140367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.574{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1f106524757b88f2021-12-17 11:40:47.574root 11241100x8000000000000000140368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.574{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b93b738a9df408a2021-12-17 11:40:47.574root 11241100x8000000000000000140369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.575{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8f433cd44168a8f2021-12-17 11:40:47.575root 11241100x8000000000000000140370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.576{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e9dbf1fbea360b02021-12-17 11:40:47.576root 11241100x8000000000000000140371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.576{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f26248e8840fd0582021-12-17 11:40:47.576root 11241100x8000000000000000140372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.576{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a142f60a730f9ce52021-12-17 11:40:47.576root 11241100x8000000000000000140373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.576{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c8af5960fa744282021-12-17 11:40:47.576root 11241100x8000000000000000140374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.576{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edef1e5a82cd64e52021-12-17 11:40:47.576root 11241100x8000000000000000140375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.577{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a17c9aeb55d78a6d2021-12-17 11:40:47.577root 11241100x8000000000000000140376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.577{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.306024c2af3cf55b2021-12-17 11:40:47.577root 11241100x8000000000000000140377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.577{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa3f348dfdbb70fc2021-12-17 11:40:47.577root 11241100x8000000000000000140378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.577{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e542198c6e8aa762021-12-17 11:40:47.577root 11241100x8000000000000000140379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.578{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b577ec95d8053ebe2021-12-17 11:40:47.578root 11241100x8000000000000000140380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.578{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.533569a156073f1a2021-12-17 11:40:47.578root 11241100x8000000000000000140381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.578{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.604070acd266ea922021-12-17 11:40:47.578root 11241100x8000000000000000140382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.578{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28289b60c3c2e7982021-12-17 11:40:47.578root 11241100x8000000000000000140383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.578{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a652799a9bacd192021-12-17 11:40:47.578root 11241100x8000000000000000140384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.579{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecfd2d467c86a1862021-12-17 11:40:47.579root 11241100x8000000000000000140385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.579{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97d0aad88737b3e52021-12-17 11:40:47.579root 11241100x8000000000000000140386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.579{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.240c63099b04fe0f2021-12-17 11:40:47.579root 11241100x8000000000000000140387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.579{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0977522f8bbe0c5b2021-12-17 11:40:47.579root 11241100x8000000000000000140388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.580{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fd9094ff0a528bb2021-12-17 11:40:47.580root 11241100x8000000000000000140389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.580{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a640d7a301ff0d612021-12-17 11:40:47.580root 11241100x8000000000000000140390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.580{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaeea3aab715ddc02021-12-17 11:40:47.580root 11241100x8000000000000000140391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.580{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e480ac4ad97a9672021-12-17 11:40:47.580root 11241100x8000000000000000140392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.580{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da5e6238f283f9f52021-12-17 11:40:47.580root 11241100x8000000000000000140393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.581{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d07082b1a80085002021-12-17 11:40:47.581root 11241100x8000000000000000140394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.581{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6803493b439d9912021-12-17 11:40:47.581root 11241100x8000000000000000140395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.581{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.704400244cf09e282021-12-17 11:40:47.581root 11241100x8000000000000000140396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.582{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5504d0eee53141892021-12-17 11:40:47.582root 11241100x8000000000000000140397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.583{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3c0ea46966fb7462021-12-17 11:40:47.583root 11241100x8000000000000000140398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.583{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51edf97a58fcd1f02021-12-17 11:40:47.583root 11241100x8000000000000000140399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.583{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22130fd76d197f202021-12-17 11:40:47.583root 11241100x8000000000000000140400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.583{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11b2b87191a889762021-12-17 11:40:47.583root 11241100x8000000000000000140401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.583{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.001c594c0379a30e2021-12-17 11:40:47.583root 11241100x8000000000000000140402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.583{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af6434d982e9423c2021-12-17 11:40:47.583root 11241100x8000000000000000140403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.583{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad9c56a0808fe1292021-12-17 11:40:47.583root 11241100x8000000000000000140404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.584{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.379824465473f0ef2021-12-17 11:40:47.584root 11241100x8000000000000000140405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.584{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b92ef29660535542021-12-17 11:40:47.584root 11241100x8000000000000000140406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.585{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ea988b8a598b2c72021-12-17 11:40:47.585root 11241100x8000000000000000140407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.585{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ca1cc92c52989952021-12-17 11:40:47.585root 11241100x8000000000000000140408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.585{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1b27f0033f0af402021-12-17 11:40:47.585root 11241100x8000000000000000140409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.585{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c07059ba6af65bb22021-12-17 11:40:47.585root 11241100x8000000000000000140410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.586{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa5da4eea4e2e98d2021-12-17 11:40:47.586root 11241100x8000000000000000140411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.586{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20e7b94647cc3cd72021-12-17 11:40:47.586root 11241100x8000000000000000140412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.586{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3787a98d1ee244b12021-12-17 11:40:47.586root 11241100x8000000000000000140413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.586{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ad9f506bfacda412021-12-17 11:40:47.586root 11241100x8000000000000000140414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.586{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c19d24cfa59257492021-12-17 11:40:47.586root 11241100x8000000000000000140415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.587{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba90aa8992cb77dc2021-12-17 11:40:47.587root 11241100x8000000000000000140416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.587{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a927588513b58bfa2021-12-17 11:40:47.587root 11241100x8000000000000000140417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.587{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01fb63a68b72b5272021-12-17 11:40:47.587root 11241100x8000000000000000140418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.587{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.933b2361d5389a092021-12-17 11:40:47.587root 11241100x8000000000000000140419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.587{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.915d343588c99f4c2021-12-17 11:40:47.587root 11241100x8000000000000000140420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.588{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfe66a39085da5122021-12-17 11:40:47.588root 11241100x8000000000000000140421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.588{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b772c68e3359bd22021-12-17 11:40:47.588root 11241100x8000000000000000140422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.588{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81c88abc828625302021-12-17 11:40:47.588root 11241100x8000000000000000140423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.589{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d90a5c3b0624a2302021-12-17 11:40:47.589root 11241100x8000000000000000140424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.589{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.604ce0a07516da1d2021-12-17 11:40:47.589root 11241100x8000000000000000140425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.589{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e76d06ba4495114f2021-12-17 11:40:47.589root 11241100x8000000000000000140426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.589{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8883137e855fbe102021-12-17 11:40:47.589root 11241100x8000000000000000140427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.589{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ee9f71075e040cb2021-12-17 11:40:47.589root 11241100x8000000000000000140428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.589{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3022cb9cdf8ff902021-12-17 11:40:47.589root 11241100x8000000000000000140429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.590{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c28e539f15b51172021-12-17 11:40:47.590root 11241100x8000000000000000140430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.590{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fb62214f39a35e32021-12-17 11:40:47.590root 11241100x8000000000000000140431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.590{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34cb7e6f5922e0862021-12-17 11:40:47.590root 11241100x8000000000000000140432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.591{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad503f75fbc66b3f2021-12-17 11:40:47.591root 11241100x8000000000000000140433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.591{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a382f1663c5d4e602021-12-17 11:40:47.591root 11241100x8000000000000000140434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.591{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da01747b3b7ba7452021-12-17 11:40:47.591root 11241100x8000000000000000140435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.591{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77b817dad04c4fc52021-12-17 11:40:47.591root 11241100x8000000000000000140436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.591{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f58371cf0e77f9b32021-12-17 11:40:47.591root 11241100x8000000000000000140437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.591{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d546d8b56ba3f852021-12-17 11:40:47.591root 11241100x8000000000000000140438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.592{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dec131b151e907032021-12-17 11:40:47.592root 11241100x8000000000000000140439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.592{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5bddc42cba1ce1b2021-12-17 11:40:47.592root 11241100x8000000000000000140440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.592{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8282f1569ce2cdad2021-12-17 11:40:47.592root 11241100x8000000000000000140441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.592{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fdb26987b0f910d2021-12-17 11:40:47.592root 11241100x8000000000000000140442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.592{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.705c8f6fa3cdf5332021-12-17 11:40:47.592root 11241100x8000000000000000140443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.592{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.263460345fc4ede92021-12-17 11:40:47.592root 11241100x8000000000000000140444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.592{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47c759e2c66337262021-12-17 11:40:47.592root 11241100x8000000000000000140445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.592{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26740891b13d1a8d2021-12-17 11:40:47.592root 11241100x8000000000000000140446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.592{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f556fa84c495c3772021-12-17 11:40:47.592root 11241100x8000000000000000140447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.593{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0476e945bbb906df2021-12-17 11:40:47.593root 11241100x8000000000000000140448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.593{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4e811d6804b14682021-12-17 11:40:47.593root 11241100x8000000000000000140449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.593{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48474d7956411da72021-12-17 11:40:47.593root 11241100x8000000000000000140450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.593{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5db87c0719a62bf2021-12-17 11:40:47.593root 11241100x8000000000000000140451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.593{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d028f1ad01b8160b2021-12-17 11:40:47.593root 11241100x8000000000000000140452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.594{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.042983799b8651642021-12-17 11:40:47.594root 11241100x8000000000000000140453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.594{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.666af5892ad9d2332021-12-17 11:40:47.594root 11241100x8000000000000000140454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.594{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a837c31f54b621442021-12-17 11:40:47.594root 11241100x8000000000000000140455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.594{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a6c25ce311882a62021-12-17 11:40:47.594root 11241100x8000000000000000140456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.594{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3884a2702f15f83c2021-12-17 11:40:47.594root 11241100x8000000000000000140457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.595{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10c998308166177a2021-12-17 11:40:47.595root 11241100x8000000000000000140458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.595{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.748f7de9a49519e82021-12-17 11:40:47.595root 11241100x8000000000000000140459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.595{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bc81f597d6551522021-12-17 11:40:47.595root 11241100x8000000000000000140460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.596{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.832ea8fbfab7b2552021-12-17 11:40:47.596root 11241100x8000000000000000140461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.596{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feffb5c1837c8f052021-12-17 11:40:47.596root 11241100x8000000000000000140462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.596{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.764196bdad98b5732021-12-17 11:40:47.596root 11241100x8000000000000000140463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.596{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.308ead1762a2c7fd2021-12-17 11:40:47.596root 11241100x8000000000000000140464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.596{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3499f75b7d193d6f2021-12-17 11:40:47.596root 11241100x8000000000000000140465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.596{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b19a5c7c2c9a06b52021-12-17 11:40:47.596root 11241100x8000000000000000140466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.596{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09c312e80598f7282021-12-17 11:40:47.596root 11241100x8000000000000000140467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.596{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46b1c35d21b2d3082021-12-17 11:40:47.596root 11241100x8000000000000000140468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.597{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1afae7c7b68f83a52021-12-17 11:40:47.597root 11241100x8000000000000000140469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.597{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea68e11d2259059c2021-12-17 11:40:47.597root 11241100x8000000000000000140470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.597{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a025d0572017a85d2021-12-17 11:40:47.597root 11241100x8000000000000000140471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.597{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd530aac05e628952021-12-17 11:40:47.597root 11241100x8000000000000000140472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.597{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eee892819c6d38752021-12-17 11:40:47.597root 11241100x8000000000000000140473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.597{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b04ff9e0cd5aa0082021-12-17 11:40:47.597root 11241100x8000000000000000140474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.598{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94f5dfb198d85a772021-12-17 11:40:47.598root 11241100x8000000000000000140475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.598{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18145e2b827e0c072021-12-17 11:40:47.598root 11241100x8000000000000000140476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.598{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7518677c016362572021-12-17 11:40:47.598root 11241100x8000000000000000140477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.599{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5189cabc5636952a2021-12-17 11:40:47.599root 11241100x8000000000000000140478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.599{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.429eb2bfb46940e12021-12-17 11:40:47.599root 11241100x8000000000000000140479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.599{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eecb5e8b4d1484372021-12-17 11:40:47.599root 11241100x8000000000000000140480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.600{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff590fee535a4e942021-12-17 11:40:47.600root 11241100x8000000000000000140481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.600{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5242f089fc2fca222021-12-17 11:40:47.600root 11241100x8000000000000000140482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.600{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.342bb46aa2ebba7c2021-12-17 11:40:47.600root 11241100x8000000000000000140483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.600{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d58180b264da9132021-12-17 11:40:47.600root 11241100x8000000000000000140484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.600{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a5dd48d579249d02021-12-17 11:40:47.600root 11241100x8000000000000000140485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.600{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b99302800b2a1dd92021-12-17 11:40:47.600root 11241100x8000000000000000140486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.600{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.660a99a24f9151972021-12-17 11:40:47.600root 11241100x8000000000000000140487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.601{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ca4e1e9c2aaa1592021-12-17 11:40:47.601root 11241100x8000000000000000140488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.601{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d65c63aa4adcc8f2021-12-17 11:40:47.601root 11241100x8000000000000000140489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.601{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.605bc1dacc48ae5b2021-12-17 11:40:47.601root 11241100x8000000000000000140490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.601{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3646532b666ca9dd2021-12-17 11:40:47.601root 11241100x8000000000000000140491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.601{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.877123a5481ed7fc2021-12-17 11:40:47.601root 11241100x8000000000000000140492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.601{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb9585a19ec3d73d2021-12-17 11:40:47.601root 11241100x8000000000000000140493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.601{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.840741b345eb970e2021-12-17 11:40:47.601root 11241100x8000000000000000140494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.601{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d569fc86f7926422021-12-17 11:40:47.601root 11241100x8000000000000000140495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.602{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dec8464bdfe4b5892021-12-17 11:40:47.602root 11241100x8000000000000000140496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.602{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.086d08713c8c0c012021-12-17 11:40:47.602root 11241100x8000000000000000140497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.602{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7416f52b308983be2021-12-17 11:40:47.602root 11241100x8000000000000000140498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.602{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7f5437f797ae47f2021-12-17 11:40:47.602root 11241100x8000000000000000140499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.602{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dc4c99ee325e2892021-12-17 11:40:47.602root 11241100x8000000000000000140500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.602{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98b16a0771487e3f2021-12-17 11:40:47.602root 11241100x8000000000000000140501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.602{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cef82bd82bb70572021-12-17 11:40:47.602root 11241100x8000000000000000140502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.603{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d33136744fbe3c12021-12-17 11:40:47.603root 11241100x8000000000000000140503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.603{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0301de4009e3f0f12021-12-17 11:40:47.603root 11241100x8000000000000000140504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.603{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18135ee01a2f5e682021-12-17 11:40:47.603root 11241100x8000000000000000140505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.603{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d2845ae254e7aab2021-12-17 11:40:47.603root 11241100x8000000000000000140506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.603{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.555fc2f354ef8ed92021-12-17 11:40:47.603root 11241100x8000000000000000140507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.603{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a228bcea050159f82021-12-17 11:40:47.603root 11241100x8000000000000000140508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.603{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec1bd2049e30d4452021-12-17 11:40:47.603root 11241100x8000000000000000140509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.603{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dc8512013e6b2c22021-12-17 11:40:47.603root 11241100x8000000000000000140510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.604{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8cb227b11b230ec2021-12-17 11:40:47.604root 11241100x8000000000000000140511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.604{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca7985c15b4bb8442021-12-17 11:40:47.604root 11241100x8000000000000000140512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.604{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8209a578661a38e22021-12-17 11:40:47.604root 11241100x8000000000000000140513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.605{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.856fcca382c4f8092021-12-17 11:40:47.605root 11241100x8000000000000000140514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.605{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85fd27eacca0dc592021-12-17 11:40:47.605root 11241100x8000000000000000140515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.605{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e778ec95a68f31f2021-12-17 11:40:47.605root 11241100x8000000000000000140516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.605{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e858b14f1b8a8e32021-12-17 11:40:47.605root 11241100x8000000000000000140517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.605{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.260b8fc284bab2c22021-12-17 11:40:47.605root 11241100x8000000000000000140518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.606{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9f08466568fc3682021-12-17 11:40:47.606root 11241100x8000000000000000140519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.606{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3af0e8726d6663762021-12-17 11:40:47.606root 11241100x8000000000000000140520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.606{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaa154710cc6abaf2021-12-17 11:40:47.606root 11241100x8000000000000000140521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.607{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a3fcf21bb90a7392021-12-17 11:40:47.607root 11241100x8000000000000000140522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.607{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfd245378de0f2542021-12-17 11:40:47.607root 11241100x8000000000000000140523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.607{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be0e4e4b9b3bfcda2021-12-17 11:40:47.607root 11241100x8000000000000000140524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.607{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c0bc180ad467a6b2021-12-17 11:40:47.607root 11241100x8000000000000000140525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.608{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c821a964cf292a7a2021-12-17 11:40:47.608root 11241100x8000000000000000140526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.609{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77bed3f8493afdff2021-12-17 11:40:47.609root 11241100x8000000000000000140527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.609{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5413ed978e751c662021-12-17 11:40:47.609root 11241100x8000000000000000140528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.609{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f589928133b543f12021-12-17 11:40:47.609root 11241100x8000000000000000140529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.609{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ede4b2519c69add2021-12-17 11:40:47.609root 11241100x8000000000000000140530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.609{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ca00a0c08b1cf002021-12-17 11:40:47.609root 11241100x8000000000000000140531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.609{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e2ec2d9e15df5d22021-12-17 11:40:47.609root 11241100x8000000000000000140532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.609{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e327863a349066c2021-12-17 11:40:47.609root 11241100x8000000000000000140533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.609{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afa90ed2371667bf2021-12-17 11:40:47.609root 11241100x8000000000000000140534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.610{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9d91a4a042169722021-12-17 11:40:47.610root 11241100x8000000000000000140535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.610{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3ff38ca12b09c972021-12-17 11:40:47.610root 11241100x8000000000000000140536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.610{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6921ba914d025cb2021-12-17 11:40:47.610root 11241100x8000000000000000140537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.610{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbe1b11292e31b0f2021-12-17 11:40:47.610root 11241100x8000000000000000140538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.610{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32cdefa0d6d258762021-12-17 11:40:47.610root 11241100x8000000000000000140539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.610{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a573d8c05304e842021-12-17 11:40:47.610root 11241100x8000000000000000140540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.610{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d65df950f15e18e82021-12-17 11:40:47.610root 11241100x8000000000000000140541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.611{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b36e1128d449e8c2021-12-17 11:40:47.611root 11241100x8000000000000000140542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.611{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.673438d9bd889f5a2021-12-17 11:40:47.611root 11241100x8000000000000000140543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.611{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.168804ab5443961e2021-12-17 11:40:47.611root 11241100x8000000000000000140544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.611{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0788e77792b545ad2021-12-17 11:40:47.611root 11241100x8000000000000000140545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.611{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76d7ebb690f02f5f2021-12-17 11:40:47.611root 11241100x8000000000000000140546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.612{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d5d2c19aeb236412021-12-17 11:40:47.612root 11241100x8000000000000000140547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.612{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c723a6fb56c74172021-12-17 11:40:47.612root 11241100x8000000000000000140548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.612{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3a59086c5a9f1422021-12-17 11:40:47.612root 11241100x8000000000000000140549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.612{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4818400cede1502e2021-12-17 11:40:47.612root 11241100x8000000000000000140550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.613{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36821a0b703989e62021-12-17 11:40:47.613root 11241100x8000000000000000140551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.613{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b22ab20cbc6037b2021-12-17 11:40:47.613root 11241100x8000000000000000140552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.613{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.439c2c5a22f545592021-12-17 11:40:47.613root 11241100x8000000000000000140553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.613{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be2b379e7030db332021-12-17 11:40:47.613root 11241100x8000000000000000140554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.613{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9a2833d601970d32021-12-17 11:40:47.613root 11241100x8000000000000000140555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.613{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d878ebd0a0283fd2021-12-17 11:40:47.613root 11241100x8000000000000000140556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.613{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5468e3d053636e3d2021-12-17 11:40:47.613root 11241100x8000000000000000140557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.614{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dab39af0bdb9232b2021-12-17 11:40:47.614root 11241100x8000000000000000140558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.614{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c70fd0b427362d602021-12-17 11:40:47.614root 11241100x8000000000000000140559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.614{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dbc1f49de92ab532021-12-17 11:40:47.614root 11241100x8000000000000000140560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.614{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f563365662b59c462021-12-17 11:40:47.614root 11241100x8000000000000000140561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.614{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f23b391c52c87d62021-12-17 11:40:47.614root 11241100x8000000000000000140562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.614{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc0fa5e8e351705f2021-12-17 11:40:47.614root 11241100x8000000000000000140563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.615{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5afcc280dff89922021-12-17 11:40:47.615root 11241100x8000000000000000140564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.615{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5382926e3088387f2021-12-17 11:40:47.615root 11241100x8000000000000000140565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.615{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49d46abf0679d4262021-12-17 11:40:47.615root 11241100x8000000000000000140566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.616{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce8462cf941c8c6d2021-12-17 11:40:47.616root 11241100x8000000000000000140567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.616{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a36c7ad4a2d44ec2021-12-17 11:40:47.616root 11241100x8000000000000000140568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.616{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.158795250d311bea2021-12-17 11:40:47.616root 11241100x8000000000000000140569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.616{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceb54655fd05300b2021-12-17 11:40:47.616root 11241100x8000000000000000140570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.616{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f977e88b3607dee2021-12-17 11:40:47.616root 11241100x8000000000000000140571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.616{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2d9766f8b6b07712021-12-17 11:40:47.616root 11241100x8000000000000000140572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.616{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6f27b81704da4a92021-12-17 11:40:47.616root 11241100x8000000000000000140573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.616{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.536e156ae71754db2021-12-17 11:40:47.616root 11241100x8000000000000000140574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.616{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fc35d0f7dd7664a2021-12-17 11:40:47.616root 11241100x8000000000000000140575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.617{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0195ef9b819dde02021-12-17 11:40:47.617root 11241100x8000000000000000140576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.617{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11f61510bcd676972021-12-17 11:40:47.617root 11241100x8000000000000000140577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.617{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6cef6e21981df222021-12-17 11:40:47.617root 11241100x8000000000000000140578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.617{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eae5cc16700798c2021-12-17 11:40:47.617root 11241100x8000000000000000140579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.617{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5192ead29211bc52021-12-17 11:40:47.617root 11241100x8000000000000000140580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.617{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7090e66be9b751c2021-12-17 11:40:47.617root 11241100x8000000000000000140581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.617{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.207f1192b62bd5da2021-12-17 11:40:47.617root 11241100x8000000000000000140582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.617{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5d7dd72f16792fc2021-12-17 11:40:47.617root 11241100x8000000000000000140583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.618{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f443bcb6903f037b2021-12-17 11:40:47.618root 11241100x8000000000000000140584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.619{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12bf47300d77ff1c2021-12-17 11:40:47.619root 11241100x8000000000000000140585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.620{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12f378e30f03d4b42021-12-17 11:40:47.620root 11241100x8000000000000000140586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.620{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.107184a239227bf82021-12-17 11:40:47.620root 11241100x8000000000000000140587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.620{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.def4ec3be30203862021-12-17 11:40:47.620root 11241100x8000000000000000140588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.620{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.323ba0b380d785082021-12-17 11:40:47.620root 11241100x8000000000000000140589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.620{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.710e13c0ee7f37f32021-12-17 11:40:47.620root 11241100x8000000000000000140590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.620{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4918b5b03d66af42021-12-17 11:40:47.620root 11241100x8000000000000000140591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.620{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e7917092e79f5ae2021-12-17 11:40:47.620root 11241100x8000000000000000140592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.621{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80b1c0f42262303b2021-12-17 11:40:47.621root 11241100x8000000000000000140593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.621{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09fbb044df40d10b2021-12-17 11:40:47.621root 11241100x8000000000000000140594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.621{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9f28c6696a613962021-12-17 11:40:47.621root 11241100x8000000000000000140595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.621{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3f8e1a377e753662021-12-17 11:40:47.621root 11241100x8000000000000000140596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.621{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a582e0d52858a5d2021-12-17 11:40:47.621root 11241100x8000000000000000140597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.622{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac4cec625576eeb22021-12-17 11:40:47.622root 11241100x8000000000000000140598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.622{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51f7a00c04b124e92021-12-17 11:40:47.622root 11241100x8000000000000000140599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.623{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3da8784b8df49f092021-12-17 11:40:47.623root 11241100x8000000000000000140600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.623{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c81148178b87d65b2021-12-17 11:40:47.623root 11241100x8000000000000000140601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.623{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0ae7c599bbb41762021-12-17 11:40:47.623root 11241100x8000000000000000140602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.624{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34f6fd0a1eee8b172021-12-17 11:40:47.624root 11241100x8000000000000000140603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.624{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.730ce59903ea97d72021-12-17 11:40:47.624root 11241100x8000000000000000140604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.625{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70979e7ef7870d562021-12-17 11:40:47.625root 11241100x8000000000000000140605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.625{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b10331b576756cd2021-12-17 11:40:47.625root 11241100x8000000000000000140606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.625{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb85b7ce2921e9a02021-12-17 11:40:47.625root 11241100x8000000000000000140607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.625{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cb5e7e399a1ecbd2021-12-17 11:40:47.625root 11241100x8000000000000000140608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.625{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd6de183bd1461b52021-12-17 11:40:47.625root 11241100x8000000000000000140609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.625{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91e764ed6690839c2021-12-17 11:40:47.625root 11241100x8000000000000000140610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.625{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7c429253759e7112021-12-17 11:40:47.625root 11241100x8000000000000000140611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.625{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.546cf2837cb3e2912021-12-17 11:40:47.625root 11241100x8000000000000000140612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.626{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdc28591aa4232a22021-12-17 11:40:47.626root 11241100x8000000000000000140613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.626{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef02cda1d217b5f72021-12-17 11:40:47.626root 11241100x8000000000000000140614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.626{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b81d9c43d5ca9a52021-12-17 11:40:47.626root 11241100x8000000000000000140615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.626{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69db20aa401ffe3e2021-12-17 11:40:47.626root 11241100x8000000000000000140616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.626{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85ae257e2bf1b10c2021-12-17 11:40:47.626root 11241100x8000000000000000140617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.627{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a093017d547f52002021-12-17 11:40:47.627root 11241100x8000000000000000140618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.627{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.affea8b9d079e1d72021-12-17 11:40:47.627root 11241100x8000000000000000140619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.627{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26fddfa6e4d1db202021-12-17 11:40:47.627root 11241100x8000000000000000140620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.627{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0902e85398f0ca82021-12-17 11:40:47.627root 11241100x8000000000000000140621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.627{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4371f667d7899de2021-12-17 11:40:47.627root 11241100x8000000000000000140622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.627{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f0658c2e1006ba42021-12-17 11:40:47.627root 11241100x8000000000000000140623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.627{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd4ed08a9c3b17fb2021-12-17 11:40:47.627root 11241100x8000000000000000140624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.628{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.191781f79b7445a02021-12-17 11:40:47.628root 11241100x8000000000000000140625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.628{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.401132c3278734462021-12-17 11:40:47.628root 11241100x8000000000000000140626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.628{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.094d043fe433a29c2021-12-17 11:40:47.628root 11241100x8000000000000000140627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.629{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a6697dadc6a67a42021-12-17 11:40:47.629root 11241100x8000000000000000140628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.629{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49e2ed8137dfadd02021-12-17 11:40:47.629root 11241100x8000000000000000140629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.629{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e54028bcdef76902021-12-17 11:40:47.629root 11241100x8000000000000000140630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.629{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2d7c14e7841d71f2021-12-17 11:40:47.629root 11241100x8000000000000000140631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.630{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.525ca1a917f09ca52021-12-17 11:40:47.630root 11241100x8000000000000000140632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.630{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e476e46e425385e2021-12-17 11:40:47.630root 11241100x8000000000000000140633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.630{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3834233dc61a7aad2021-12-17 11:40:47.630root 11241100x8000000000000000140634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.630{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c35383dae57244e2021-12-17 11:40:47.630root 11241100x8000000000000000140635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.630{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76a2efda0a0f6fee2021-12-17 11:40:47.630root 11241100x8000000000000000140636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.630{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.434d5bad8e9381f22021-12-17 11:40:47.630root 11241100x8000000000000000140637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.630{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50e5c73ab317f76d2021-12-17 11:40:47.630root 11241100x8000000000000000140638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.630{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc3ff90bc94c3f2a2021-12-17 11:40:47.630root 11241100x8000000000000000140639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.630{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3438e66836af97e2021-12-17 11:40:47.630root 11241100x8000000000000000140640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.631{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.444dd8e67ea07be52021-12-17 11:40:47.631root 11241100x8000000000000000140641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.631{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b3926e06bf50c372021-12-17 11:40:47.631root 11241100x8000000000000000140642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.631{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcede5ec74c1e4f42021-12-17 11:40:47.631root 11241100x8000000000000000140643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.631{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2286e2d156b74f6d2021-12-17 11:40:47.631root 11241100x8000000000000000140644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.631{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e80ea5bafe5f421b2021-12-17 11:40:47.631root 11241100x8000000000000000140645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.632{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be02ea15407cd3942021-12-17 11:40:47.632root 11241100x8000000000000000140646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.632{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ff112723b1c51ab2021-12-17 11:40:47.632root 11241100x8000000000000000140647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.634{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9974a499d62092cf2021-12-17 11:40:47.634root 11241100x8000000000000000140648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.634{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f3256858ad443872021-12-17 11:40:47.634root 11241100x8000000000000000140649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.634{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.001ed0cf744ff0d72021-12-17 11:40:47.634root 11241100x8000000000000000140650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.634{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8492cfa029fdb5d2021-12-17 11:40:47.634root 11241100x8000000000000000140651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.634{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c3ebbcc72d048822021-12-17 11:40:47.634root 11241100x8000000000000000140652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.634{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae11835d2c88d3f02021-12-17 11:40:47.634root 11241100x8000000000000000140653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.634{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.507467eb8c6678072021-12-17 11:40:47.634root 11241100x8000000000000000140654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.635{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44805c52bd61e7412021-12-17 11:40:47.635root 11241100x8000000000000000140655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.635{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4d09723bd42b2662021-12-17 11:40:47.635root 11241100x8000000000000000140656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.635{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d160cdae6bdc42b02021-12-17 11:40:47.635root 11241100x8000000000000000140657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.635{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28018a3e8c8ee4932021-12-17 11:40:47.635root 11241100x8000000000000000140658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.635{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9df22bef9ca74cb2021-12-17 11:40:47.635root 11241100x8000000000000000140659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.635{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0627b5123e732112021-12-17 11:40:47.635root 11241100x8000000000000000140660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.636{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa9296084b474c212021-12-17 11:40:47.636root 11241100x8000000000000000140661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.636{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a4f5f7c3f437c672021-12-17 11:40:47.636root 11241100x8000000000000000140662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.636{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8387eed5c99f44f92021-12-17 11:40:47.636root 11241100x8000000000000000140663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.636{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dee6c47b19407352021-12-17 11:40:47.636root 11241100x8000000000000000140664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.636{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04ec0dd6433a95f62021-12-17 11:40:47.636root 11241100x8000000000000000140665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.638{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32da54f4eb81a2392021-12-17 11:40:47.638root 11241100x8000000000000000140666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.638{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.676c540ce17e21242021-12-17 11:40:47.638root 11241100x8000000000000000140667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.638{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e83424bba6f5426d2021-12-17 11:40:47.638root 11241100x8000000000000000140668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.638{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cb609c24657535a2021-12-17 11:40:47.638root 11241100x8000000000000000140669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.639{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60f46fe73f5169b32021-12-17 11:40:47.639root 11241100x8000000000000000140670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.639{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb09eaf40ab98fa32021-12-17 11:40:47.639root 11241100x8000000000000000140671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.639{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfb83cc58cd7f69c2021-12-17 11:40:47.639root 11241100x8000000000000000140672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.640{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40ec07863965d0be2021-12-17 11:40:47.640root 11241100x8000000000000000140673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.640{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8895fc957a354fda2021-12-17 11:40:47.640root 11241100x8000000000000000140674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.640{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f47e892ed2a23e3e2021-12-17 11:40:47.640root 11241100x8000000000000000140675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.641{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74075c42a36047232021-12-17 11:40:47.641root 11241100x8000000000000000140676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.641{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e50b989aac8472072021-12-17 11:40:47.641root 11241100x8000000000000000140677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.641{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a6ba5155f2647072021-12-17 11:40:47.641root 11241100x8000000000000000140678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.642{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42d06b4ff957b68b2021-12-17 11:40:47.642root 11241100x8000000000000000140679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.642{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba1878cbb014b0572021-12-17 11:40:47.642root 11241100x8000000000000000140680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.642{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.754738141a04bc0f2021-12-17 11:40:47.642root 11241100x8000000000000000140681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.642{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c4c5d5a549a32f92021-12-17 11:40:47.642root 11241100x8000000000000000140682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.643{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37d8d2f38a012f162021-12-17 11:40:47.643root 11241100x8000000000000000140683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.643{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e1f01887b610da52021-12-17 11:40:47.643root 11241100x8000000000000000140684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.643{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a1c767a79b84ecc2021-12-17 11:40:47.643root 11241100x8000000000000000140685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.643{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c0e58dc6c312f412021-12-17 11:40:47.643root 11241100x8000000000000000140686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.643{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9020bada4c05b172021-12-17 11:40:47.643root 11241100x8000000000000000140687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.643{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.becffb00ae4828a82021-12-17 11:40:47.643root 11241100x8000000000000000140688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.644{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9ba214ec45545be2021-12-17 11:40:47.644root 11241100x8000000000000000140689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.644{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bf36bcaf1a1e8282021-12-17 11:40:47.644root 11241100x8000000000000000140690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.644{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38915e66e2ede1312021-12-17 11:40:47.644root 11241100x8000000000000000140691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.644{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb856c69dbb35a312021-12-17 11:40:47.644root 11241100x8000000000000000140692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.644{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02830184af52ffdc2021-12-17 11:40:47.644root 11241100x8000000000000000140693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.645{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceb92c9200d0d9502021-12-17 11:40:47.645root 11241100x8000000000000000140694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.645{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad397dbc35e487702021-12-17 11:40:47.645root 11241100x8000000000000000140695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.645{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a8d844e76a039c52021-12-17 11:40:47.645root 11241100x8000000000000000140696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.645{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f50ef5b838da7dff2021-12-17 11:40:47.645root 11241100x8000000000000000140697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.645{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.284d8e767ed682be2021-12-17 11:40:47.645root 11241100x8000000000000000140698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.646{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b42150d78840fad2021-12-17 11:40:47.646root 11241100x8000000000000000140699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.646{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ab771d908f808232021-12-17 11:40:47.646root 11241100x8000000000000000140700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.647{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.149e18df82b4d4e82021-12-17 11:40:47.647root 11241100x8000000000000000140701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.647{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0068aa1cc78043cd2021-12-17 11:40:47.647root 11241100x8000000000000000140702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.647{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa2a255e95f4c3b92021-12-17 11:40:47.647root 11241100x8000000000000000140703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.648{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3337a003d6400b72021-12-17 11:40:47.648root 11241100x8000000000000000140704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.648{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3560a085b3d87e62021-12-17 11:40:47.648root 11241100x8000000000000000140705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.649{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.530e7073c0ea6ab32021-12-17 11:40:47.649root 11241100x8000000000000000140706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.649{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c5947ab9b1ad2112021-12-17 11:40:47.649root 11241100x8000000000000000140707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.649{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0da87ebc4e73d6d12021-12-17 11:40:47.649root 11241100x8000000000000000140708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.650{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.400a299e73dbc61c2021-12-17 11:40:47.650root 11241100x8000000000000000140709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.650{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.808864ae6b2361a42021-12-17 11:40:47.650root 11241100x8000000000000000140710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.651{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfb7badb2b1f0bfd2021-12-17 11:40:47.651root 11241100x8000000000000000140711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.651{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57934a341f3f0ed12021-12-17 11:40:47.651root 11241100x8000000000000000140712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.651{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a02d163ce2f2db402021-12-17 11:40:47.651root 11241100x8000000000000000140713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.651{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e94c4e5f1bd3b56a2021-12-17 11:40:47.651root 11241100x8000000000000000140714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.651{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c1c59c5ea3b5a7d2021-12-17 11:40:47.651root 11241100x8000000000000000140715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.651{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.947c89890772790f2021-12-17 11:40:47.651root 11241100x8000000000000000140716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.651{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2f7f4784e227b1e2021-12-17 11:40:47.651root 11241100x8000000000000000140717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.652{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc8422dbeca416b92021-12-17 11:40:47.652root 11241100x8000000000000000140718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.652{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69b62fdf2092a8302021-12-17 11:40:47.652root 11241100x8000000000000000140719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.652{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a42d1de8d4b2b5942021-12-17 11:40:47.652root 11241100x8000000000000000140720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.652{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3adff8b8f8fad0912021-12-17 11:40:47.652root 11241100x8000000000000000140721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.652{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dbfcb0738df85b62021-12-17 11:40:47.652root 11241100x8000000000000000140722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.652{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2456f632903c8c182021-12-17 11:40:47.652root 11241100x8000000000000000140723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.652{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7574f4f3428d9e5e2021-12-17 11:40:47.652root 11241100x8000000000000000140724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.653{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ce3344a5fc373ff2021-12-17 11:40:47.653root 11241100x8000000000000000140725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.653{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8b4d75f6eef28922021-12-17 11:40:47.653root 11241100x8000000000000000140726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.653{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a925241aa7eca5a32021-12-17 11:40:47.653root 11241100x8000000000000000140727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.653{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63cc4fe3f90a56b32021-12-17 11:40:47.653root 11241100x8000000000000000140728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.653{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70702ab266c99dfc2021-12-17 11:40:47.653root 11241100x8000000000000000140729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.653{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d6d1dc22300f0672021-12-17 11:40:47.653root 11241100x8000000000000000140730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.653{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3ad337cb366add92021-12-17 11:40:47.653root 11241100x8000000000000000140731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.653{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85faec55eda8c9292021-12-17 11:40:47.653root 11241100x8000000000000000140732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.653{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.902030fa47779cd92021-12-17 11:40:47.653root 11241100x8000000000000000140733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.653{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2299ffbb928846072021-12-17 11:40:47.653root 11241100x8000000000000000140734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.653{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1225ef961a0634c32021-12-17 11:40:47.653root 11241100x8000000000000000140735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.653{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.736a4ef6c169fe322021-12-17 11:40:47.653root 11241100x8000000000000000140736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.653{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50d5fbc28aeabc382021-12-17 11:40:47.653root 11241100x8000000000000000140737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.653{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3632aa85e8573de2021-12-17 11:40:47.653root 11241100x8000000000000000140738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.653{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d3cb1342caf2bac2021-12-17 11:40:47.653root 11241100x8000000000000000140739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.653{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b8e462267ea6c842021-12-17 11:40:47.653root 11241100x8000000000000000140740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.654{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbc7bf6d649e34da2021-12-17 11:40:47.654root 11241100x8000000000000000140741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.654{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1570c8e59b982cff2021-12-17 11:40:47.654root 11241100x8000000000000000140742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.665{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c7fe0af04b0aab72021-12-17 11:40:47.665root 11241100x8000000000000000140743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.665{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21657207c8f686572021-12-17 11:40:47.665root 11241100x8000000000000000140744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.666{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d55d77b2e6407032021-12-17 11:40:47.666root 11241100x8000000000000000140745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.666{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4af506317313d552021-12-17 11:40:47.666root 11241100x8000000000000000140746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.666{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e6ad16d798cb7432021-12-17 11:40:47.666root 11241100x8000000000000000140747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.666{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa725c9d6c0644c02021-12-17 11:40:47.666root 11241100x8000000000000000140748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.666{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.531f0e14882d759e2021-12-17 11:40:47.666root 11241100x8000000000000000140749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.666{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f817a411ca1268602021-12-17 11:40:47.666root 11241100x8000000000000000140750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.666{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a7e385776a3a2df2021-12-17 11:40:47.666root 11241100x8000000000000000140751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.666{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.869fc9fe26a0f0202021-12-17 11:40:47.666root 11241100x8000000000000000140752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.666{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc0549886cb9add12021-12-17 11:40:47.666root 11241100x8000000000000000140753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.666{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6093ea9f3a9f9e12021-12-17 11:40:47.666root 11241100x8000000000000000140754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.666{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4e4b2d9b7eae6562021-12-17 11:40:47.666root 11241100x8000000000000000140755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.666{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4abafb7a6252d132021-12-17 11:40:47.666root 11241100x8000000000000000140756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.666{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3f703cf65fd7ea92021-12-17 11:40:47.666root 11241100x8000000000000000140757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.667{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.277d45a2c726153a2021-12-17 11:40:47.667root 11241100x8000000000000000140758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.667{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a779b247b3f0f36c2021-12-17 11:40:47.667root 11241100x8000000000000000140759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.667{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1618b03cad2497582021-12-17 11:40:47.667root 11241100x8000000000000000140760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.667{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e65011fbc9c04dd12021-12-17 11:40:47.667root 11241100x8000000000000000140761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.667{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.682f35f6aebfa4212021-12-17 11:40:47.667root 11241100x8000000000000000140762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.667{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e80e302ea269ec72021-12-17 11:40:47.667root 11241100x8000000000000000140763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.667{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acd669a6ebadde9f2021-12-17 11:40:47.667root 11241100x8000000000000000140764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.668{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e92f996ca30093d2021-12-17 11:40:47.668root 11241100x8000000000000000140765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.668{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dac1549c4ac6ead62021-12-17 11:40:47.668root 11241100x8000000000000000140766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.668{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17e2d0b677d0c65e2021-12-17 11:40:47.668root 11241100x8000000000000000140767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.668{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.422e69aac4cca5d82021-12-17 11:40:47.668root 11241100x8000000000000000140768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.669{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b4343f58b3d819b2021-12-17 11:40:47.669root 11241100x8000000000000000140769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.669{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42585eb2a4d045ae2021-12-17 11:40:47.669root 11241100x8000000000000000140770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.669{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a838c309d03b52f02021-12-17 11:40:47.669root 11241100x8000000000000000140771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.669{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64280a7437e1d2222021-12-17 11:40:47.669root 11241100x8000000000000000140772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.669{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef606431e61608842021-12-17 11:40:47.669root 11241100x8000000000000000140773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.669{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea7abb31e78aa9382021-12-17 11:40:47.669root 11241100x8000000000000000140774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.669{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eec98eaf107c1572021-12-17 11:40:47.669root 11241100x8000000000000000140775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.669{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceb6266d8af51c032021-12-17 11:40:47.669root 11241100x8000000000000000140776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.669{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbd535ed790d616f2021-12-17 11:40:47.669root 11241100x8000000000000000140777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.669{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4d89ce09149c3b92021-12-17 11:40:47.669root 11241100x8000000000000000140778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.669{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cc50945f983c22a2021-12-17 11:40:47.669root 11241100x8000000000000000140779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.669{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c883dba378eabab12021-12-17 11:40:47.669root 11241100x8000000000000000140780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.669{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.300eb90d12d083aa2021-12-17 11:40:47.669root 11241100x8000000000000000140781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.670{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8eb310abb1d9c652021-12-17 11:40:47.670root 11241100x8000000000000000140782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.670{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.031e36b27ac10f692021-12-17 11:40:47.670root 11241100x8000000000000000140783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.670{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea733b0bb3a514442021-12-17 11:40:47.670root 11241100x8000000000000000140784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.670{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d32471f798a8b5f2021-12-17 11:40:47.670root 11241100x8000000000000000140785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.670{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b3a1ee57fb7e0cc2021-12-17 11:40:47.670root 11241100x8000000000000000140786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.670{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baec0043bd9adcff2021-12-17 11:40:47.670root 11241100x8000000000000000140787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.672{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.518444f2e26118ed2021-12-17 11:40:47.672root 11241100x8000000000000000140788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.676{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9530ba16850bb3ca2021-12-17 11:40:47.676root 11241100x8000000000000000140789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.676{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.474b32778d0c67862021-12-17 11:40:47.676root 11241100x8000000000000000140790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.676{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a9b3e0514941ba72021-12-17 11:40:47.676root 11241100x8000000000000000140791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.676{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e78fd3d584c1ef0c2021-12-17 11:40:47.676root 11241100x8000000000000000140792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.676{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac31761b1ceb07672021-12-17 11:40:47.676root 11241100x8000000000000000140793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.676{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3438b768fc2257a2021-12-17 11:40:47.676root 11241100x8000000000000000140794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.676{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd1ca9d65a7b0ab52021-12-17 11:40:47.676root 11241100x8000000000000000140795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.676{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da2d69d677a564ec2021-12-17 11:40:47.676root 11241100x8000000000000000140796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.676{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f1adf92e837dd5f2021-12-17 11:40:47.676root 11241100x8000000000000000140797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.676{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c0ac30d7d341a932021-12-17 11:40:47.676root 11241100x8000000000000000140798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.676{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35de18c3ac2be8d62021-12-17 11:40:47.676root 11241100x8000000000000000140799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.677{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30ba8a673d214acf2021-12-17 11:40:47.677root 11241100x8000000000000000140800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.677{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0866c66605375d82021-12-17 11:40:47.677root 11241100x8000000000000000140801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.677{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a2f0009e767f7342021-12-17 11:40:47.677root 11241100x8000000000000000140802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.677{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b116788d44fbbac02021-12-17 11:40:47.677root 11241100x8000000000000000140803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.677{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57dea680bc0e1ab32021-12-17 11:40:47.677root 11241100x8000000000000000140804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.677{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ba2cd0c471ba62f2021-12-17 11:40:47.677root 11241100x8000000000000000140805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.677{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.675e4c420b77549c2021-12-17 11:40:47.677root 11241100x8000000000000000140806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.677{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fa95918d140a4432021-12-17 11:40:47.677root 11241100x8000000000000000140807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.677{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54c7521c3aefe3f12021-12-17 11:40:47.677root 11241100x8000000000000000140808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.677{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baf3eadacb026fbd2021-12-17 11:40:47.677root 11241100x8000000000000000140809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.677{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36e3dfa85f7e705b2021-12-17 11:40:47.677root 11241100x8000000000000000140810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.677{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bae3e08c0863186a2021-12-17 11:40:47.677root 11241100x8000000000000000140811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.677{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.312c69c86b4926d82021-12-17 11:40:47.677root 11241100x8000000000000000140812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.677{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb9dadd2a7d9cb8d2021-12-17 11:40:47.677root 11241100x8000000000000000140813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.677{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e9ee0a98b6e49932021-12-17 11:40:47.677root 11241100x8000000000000000140814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.677{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9cf322193d5486f2021-12-17 11:40:47.677root 11241100x8000000000000000140815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.677{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5dbc4c0eac77bf12021-12-17 11:40:47.677root 11241100x8000000000000000140816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.678{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bebd27ac58c47b992021-12-17 11:40:47.678root 11241100x8000000000000000140817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.678{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56d51d1d42998e0b2021-12-17 11:40:47.678root 11241100x8000000000000000140818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.678{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15329f8be88a4cdd2021-12-17 11:40:47.678root 11241100x8000000000000000140819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.678{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2cf3db201445c5b2021-12-17 11:40:47.678root 11241100x8000000000000000140820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.678{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e2cda109c5b2be02021-12-17 11:40:47.678root 11241100x8000000000000000140821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.678{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47b08c0c82bd88e52021-12-17 11:40:47.678root 11241100x8000000000000000140822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.678{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ca6b2fdb5ef8cc02021-12-17 11:40:47.678root 11241100x8000000000000000140823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.678{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.476acc93d52961952021-12-17 11:40:47.678root 11241100x8000000000000000140824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.678{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92d34e7e198e40992021-12-17 11:40:47.678root 11241100x8000000000000000140825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.678{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4f2c626317b64a42021-12-17 11:40:47.678root 11241100x8000000000000000140826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.678{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2b89d947d15b5d92021-12-17 11:40:47.678root 11241100x8000000000000000140827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.678{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.971ea11147fa278c2021-12-17 11:40:47.678root 11241100x8000000000000000140828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.678{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d0edf603e484be52021-12-17 11:40:47.678root 11241100x8000000000000000140829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.683{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4d2b6f8a7ca3cce2021-12-17 11:40:47.683root 11241100x8000000000000000140830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.692{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.444dab1f07ecbf052021-12-17 11:40:47.692root 11241100x8000000000000000140831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.692{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d507dcf908175722021-12-17 11:40:47.692root 11241100x8000000000000000140832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.692{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.581b7bafe04a94752021-12-17 11:40:47.692root 11241100x8000000000000000140833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.692{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a4b43d3326342672021-12-17 11:40:47.692root 11241100x8000000000000000140834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.692{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deededc03326d9362021-12-17 11:40:47.692root 11241100x8000000000000000140835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.692{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15d446d1daa982732021-12-17 11:40:47.692root 11241100x8000000000000000140836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.692{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3582aad4afa9cbb2021-12-17 11:40:47.692root 11241100x8000000000000000140837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.692{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1e0016fe76c386e2021-12-17 11:40:47.692root 11241100x8000000000000000140838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.692{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2135736ae065335e2021-12-17 11:40:47.692root 11241100x8000000000000000140839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.693{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fceba4a0bfa9e98a2021-12-17 11:40:47.693root 11241100x8000000000000000140840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.693{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44e60a623b0869192021-12-17 11:40:47.693root 11241100x8000000000000000140841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.693{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89f9ff8d074d9f2c2021-12-17 11:40:47.693root 11241100x8000000000000000140842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.693{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f17472a69e7a43922021-12-17 11:40:47.693root 11241100x8000000000000000140843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.693{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7644c5e8121afa912021-12-17 11:40:47.693root 11241100x8000000000000000140844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.693{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fad3516a090093962021-12-17 11:40:47.693root 11241100x8000000000000000140845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.693{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03cc185fb9390fe62021-12-17 11:40:47.693root 11241100x8000000000000000140846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.693{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.193e3ed50c87de812021-12-17 11:40:47.693root 11241100x8000000000000000140847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.693{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7123bca1f3ebb122021-12-17 11:40:47.693root 11241100x8000000000000000140848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.693{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5cd252b9c3d8da52021-12-17 11:40:47.693root 11241100x8000000000000000140849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.693{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e6920cc7c8d290b2021-12-17 11:40:47.693root 11241100x8000000000000000140850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.694{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c30a9c88667b8fec2021-12-17 11:40:47.694root 11241100x8000000000000000140851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.694{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c03a299278550c662021-12-17 11:40:47.694root 11241100x8000000000000000140852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.694{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bcacaf6968d3d8b2021-12-17 11:40:47.694root 11241100x8000000000000000140853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.694{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9b9edbf9a5074db2021-12-17 11:40:47.694root 11241100x8000000000000000140854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.694{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0056b7184e3efbc2021-12-17 11:40:47.694root 11241100x8000000000000000140855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.694{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e5c9fd786e3779d2021-12-17 11:40:47.694root 11241100x8000000000000000140856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.694{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13716f2231f227ea2021-12-17 11:40:47.694root 11241100x8000000000000000140857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.695{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07726fff421c09862021-12-17 11:40:47.695root 11241100x8000000000000000140858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.695{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acb82fd8b450dd932021-12-17 11:40:47.695root 11241100x8000000000000000140859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.695{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8cb52e0ac6969bd2021-12-17 11:40:47.695root 11241100x8000000000000000140860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.698{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ebf4268a562b5462021-12-17 11:40:47.698root 11241100x8000000000000000140861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.699{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d10c9a86a5923322021-12-17 11:40:47.699root 11241100x8000000000000000140862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.699{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e2ea249f0b678a32021-12-17 11:40:47.699root 11241100x8000000000000000140863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.699{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b3de04a9dc9d7db2021-12-17 11:40:47.699root 11241100x8000000000000000140864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.699{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6edb851f553a2882021-12-17 11:40:47.699root 11241100x8000000000000000140865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.699{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.385f633dbdad618d2021-12-17 11:40:47.699root 11241100x8000000000000000140866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.699{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e32860bc7a304b7b2021-12-17 11:40:47.699root 11241100x8000000000000000140867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.699{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b656e31510e5cf912021-12-17 11:40:47.699root 11241100x8000000000000000140868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.699{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33d4c361c81026972021-12-17 11:40:47.699root 11241100x8000000000000000140869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.699{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7ab28324b7757812021-12-17 11:40:47.699root 11241100x8000000000000000140870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.699{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aa773bb03b7773f2021-12-17 11:40:47.699root 11241100x8000000000000000140871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.700{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01d24a35d4a552452021-12-17 11:40:47.700root 11241100x8000000000000000140872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.700{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.236f19632febaea12021-12-17 11:40:47.700root 11241100x8000000000000000140873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.700{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f7b18d2e8edd6932021-12-17 11:40:47.700root 11241100x8000000000000000140874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.700{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc52c91b24c6461c2021-12-17 11:40:47.700root 11241100x8000000000000000140875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.700{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfca4b0d9e8aabd62021-12-17 11:40:47.700root 11241100x8000000000000000140876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.700{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b16618c8ab484f92021-12-17 11:40:47.700root 11241100x8000000000000000140877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.700{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4c96df126c7ee1d2021-12-17 11:40:47.700root 11241100x8000000000000000140878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.700{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3addc5b981985aa52021-12-17 11:40:47.700root 11241100x8000000000000000140879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.700{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7192f18a37ef809c2021-12-17 11:40:47.700root 11241100x8000000000000000140880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.700{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e55dc4bf77695f32021-12-17 11:40:47.700root 11241100x8000000000000000140881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.700{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c866749e9b74eee92021-12-17 11:40:47.700root 11241100x8000000000000000140882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.701{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.258a93f609e9926d2021-12-17 11:40:47.701root 11241100x8000000000000000140883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.701{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deb063c0ab74ebf32021-12-17 11:40:47.701root 11241100x8000000000000000140884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.701{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abc04172c098073c2021-12-17 11:40:47.701root 11241100x8000000000000000140885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.701{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6043bf2790b90efc2021-12-17 11:40:47.701root 11241100x8000000000000000140886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.701{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.282768ac404f90022021-12-17 11:40:47.701root 11241100x8000000000000000140887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.701{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4012c8250c15c212021-12-17 11:40:47.701root 11241100x8000000000000000140888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.701{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.160875fd8d8930f02021-12-17 11:40:47.701root 11241100x8000000000000000140889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.701{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2083946a0e953c142021-12-17 11:40:47.701root 11241100x8000000000000000140890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.701{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b8abfe2156bcd082021-12-17 11:40:47.701root 11241100x8000000000000000140891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.701{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6746d8ea9faa4e82021-12-17 11:40:47.701root 11241100x8000000000000000140892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.701{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faf95550daa84ad02021-12-17 11:40:47.701root 11241100x8000000000000000140893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.702{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9224ed870d31125d2021-12-17 11:40:47.702root 11241100x8000000000000000140894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.702{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f22881f4f542bec42021-12-17 11:40:47.702root 11241100x8000000000000000140895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.702{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc3c4367fb17a39a2021-12-17 11:40:47.702root 11241100x8000000000000000140896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.702{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d00f82bcae210ed2021-12-17 11:40:47.702root 11241100x8000000000000000140897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.703{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aa3ba669fa18aa52021-12-17 11:40:47.703root 11241100x8000000000000000140898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.703{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.575aa5a5cb1c7bba2021-12-17 11:40:47.703root 11241100x8000000000000000140899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.703{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d27a0e0082858a272021-12-17 11:40:47.703root 11241100x8000000000000000140900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.703{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6caf938ce6a21a92021-12-17 11:40:47.703root 11241100x8000000000000000140901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.703{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd52cf489989ef922021-12-17 11:40:47.703root 11241100x8000000000000000140902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.704{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a43ad350f0c74e8b2021-12-17 11:40:47.704root 11241100x8000000000000000140903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.706{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6624e97bb0484e0b2021-12-17 11:40:47.706root 11241100x8000000000000000140904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.706{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.068791de0b93eb672021-12-17 11:40:47.706root 11241100x8000000000000000140905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.706{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dbed24a087af4b52021-12-17 11:40:47.706root 11241100x8000000000000000140906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.706{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8cad1a5643a98ce2021-12-17 11:40:47.706root 11241100x8000000000000000140907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.706{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.264a68a40bd9454e2021-12-17 11:40:47.706root 11241100x8000000000000000140908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.706{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e09f4620d6aae69b2021-12-17 11:40:47.706root 11241100x8000000000000000140909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.706{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2f5245dc035b0d82021-12-17 11:40:47.706root 11241100x8000000000000000140910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.707{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bbf6d59aad3b93c2021-12-17 11:40:47.707root 11241100x8000000000000000140911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.707{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3afe3fce67ebc0002021-12-17 11:40:47.707root 11241100x8000000000000000140912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.707{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67cd6229b65a27f42021-12-17 11:40:47.707root 11241100x8000000000000000140913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.707{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.115d0312a15007462021-12-17 11:40:47.707root 11241100x8000000000000000140914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.707{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46867d14008d59212021-12-17 11:40:47.707root 11241100x8000000000000000140915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.707{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24620905c68bf99d2021-12-17 11:40:47.707root 11241100x8000000000000000140916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.707{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2199ee18ceb70e2f2021-12-17 11:40:47.707root 11241100x8000000000000000140917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.707{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26cbd53baa7319b02021-12-17 11:40:47.707root 11241100x8000000000000000140918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.707{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0f52914b54ec7012021-12-17 11:40:47.707root 11241100x8000000000000000140919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.707{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edda33363570fadc2021-12-17 11:40:47.707root 11241100x8000000000000000140920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.707{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94ae3d41dc8249742021-12-17 11:40:47.707root 11241100x8000000000000000140921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.707{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bbf7a22b72698b72021-12-17 11:40:47.707root 11241100x8000000000000000140922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.708{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52b11d0d7db2d1ee2021-12-17 11:40:47.708root 11241100x8000000000000000140923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.708{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1b087f0a125afdd2021-12-17 11:40:47.708root 11241100x8000000000000000140924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.708{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90008ca12fba552d2021-12-17 11:40:47.708root 11241100x8000000000000000140925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.708{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd264eb124c5fc292021-12-17 11:40:47.708root 11241100x8000000000000000140926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.708{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92d02c7bfecb8f9a2021-12-17 11:40:47.708root 11241100x8000000000000000140927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.709{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23385c3eb66c80782021-12-17 11:40:47.709root 11241100x8000000000000000140928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.709{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05fd03b40dc01eb42021-12-17 11:40:47.709root 11241100x8000000000000000140929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.709{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f2caade393436712021-12-17 11:40:47.709root 11241100x8000000000000000140930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.709{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96c76b6c282dfe1d2021-12-17 11:40:47.709root 11241100x8000000000000000140931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.709{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3c47a6ce51b8edc2021-12-17 11:40:47.709root 11241100x8000000000000000140932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.709{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c23f8e7c791c1f232021-12-17 11:40:47.709root 11241100x8000000000000000140933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.709{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.972b55a47e45077e2021-12-17 11:40:47.709root 11241100x8000000000000000140934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.709{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fbda51aa59d744a2021-12-17 11:40:47.709root 11241100x8000000000000000140935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.710{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fce1fd0f6f65133f2021-12-17 11:40:47.710root 11241100x8000000000000000140936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.710{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.914048707a6ef6742021-12-17 11:40:47.710root 11241100x8000000000000000140937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.710{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c76cdbfc9efa3d222021-12-17 11:40:47.710root 11241100x8000000000000000140938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.710{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9b2ddfd42b4a6992021-12-17 11:40:47.710root 11241100x8000000000000000140939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.710{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64aac4dcc624d0f62021-12-17 11:40:47.710root 11241100x8000000000000000140940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.710{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a28b29901332479b2021-12-17 11:40:47.710root 11241100x8000000000000000140941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.710{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbde75f9a622d8772021-12-17 11:40:47.710root 11241100x8000000000000000140942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.710{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f24880600ea3a0e82021-12-17 11:40:47.710root 11241100x8000000000000000140943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.710{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.649f0bd30f5ef21f2021-12-17 11:40:47.710root 11241100x8000000000000000140944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.710{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.687c4020776d1e602021-12-17 11:40:47.710root 11241100x8000000000000000140945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.711{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e2bc43937e258ca2021-12-17 11:40:47.711root 11241100x8000000000000000140946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.711{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff853a737b16a8342021-12-17 11:40:47.711root 11241100x8000000000000000140947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.711{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87470c68d15672f82021-12-17 11:40:47.711root 11241100x8000000000000000140948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.711{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90f0f46e6cfdc8572021-12-17 11:40:47.711root 11241100x8000000000000000140949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.711{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.727ccb75bb1a03a12021-12-17 11:40:47.711root 11241100x8000000000000000140950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.712{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.050d7eaf2919530d2021-12-17 11:40:47.712root 11241100x8000000000000000140951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.712{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1be58bcc71e90bb2021-12-17 11:40:47.712root 11241100x8000000000000000140952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.712{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37763f57b05e3f452021-12-17 11:40:47.712root 11241100x8000000000000000140953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.712{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd4eab389bb1ef8b2021-12-17 11:40:47.712root 11241100x8000000000000000140954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.712{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.166af76cd0076eb72021-12-17 11:40:47.712root 11241100x8000000000000000140955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.712{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f88e41b55a92fec32021-12-17 11:40:47.712root 11241100x8000000000000000140956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.712{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09703d22abec51662021-12-17 11:40:47.712root 11241100x8000000000000000140957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.712{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10f3f38b25c9358f2021-12-17 11:40:47.712root 11241100x8000000000000000140958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.712{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ffd1684bcc4d8462021-12-17 11:40:47.712root 11241100x8000000000000000140959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:47.712{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fee67ddab3692212021-12-17 11:40:47.712root 11241100x8000000000000000140960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.056{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4003802906a2c6e72021-12-17 11:40:48.056root 11241100x8000000000000000140961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ef8367bd32c70e52021-12-17 11:40:48.057root 11241100x8000000000000000140962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1758bf8f2f710a572021-12-17 11:40:48.057root 11241100x8000000000000000140963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5fb621ffab36a292021-12-17 11:40:48.057root 11241100x8000000000000000140964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.643ba0c002b5686a2021-12-17 11:40:48.057root 11241100x8000000000000000140965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c931c97df233fb462021-12-17 11:40:48.057root 11241100x8000000000000000140966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.509a1332dc4067ff2021-12-17 11:40:48.057root 11241100x8000000000000000140967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4b1229fbbfae8b02021-12-17 11:40:48.058root 11241100x8000000000000000140968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3167bde999ef24972021-12-17 11:40:48.058root 11241100x8000000000000000140969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f08db31325b177862021-12-17 11:40:48.058root 11241100x8000000000000000140970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46ad0663cdb60a092021-12-17 11:40:48.058root 11241100x8000000000000000140971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f6928a4848658ff2021-12-17 11:40:48.058root 11241100x8000000000000000140972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7139c101172d6b0f2021-12-17 11:40:48.058root 11241100x8000000000000000140973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7c07a7294b61f862021-12-17 11:40:48.058root 11241100x8000000000000000140974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa28f64de9d0cc5f2021-12-17 11:40:48.059root 11241100x8000000000000000140975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b0b8f4aea75997a2021-12-17 11:40:48.059root 11241100x8000000000000000140976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33703fd9f7252e1e2021-12-17 11:40:48.059root 11241100x8000000000000000140977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9373e2b8963af9142021-12-17 11:40:48.059root 11241100x8000000000000000140978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21df7680e4983bc32021-12-17 11:40:48.059root 11241100x8000000000000000140979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b35611a820a9932a2021-12-17 11:40:48.059root 11241100x8000000000000000140980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a52be42bf4646412021-12-17 11:40:48.061root 11241100x8000000000000000140981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3683547196557c1a2021-12-17 11:40:48.061root 11241100x8000000000000000140982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.042a788d63079b292021-12-17 11:40:48.061root 11241100x8000000000000000140983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0577eb1f4aed67af2021-12-17 11:40:48.061root 11241100x8000000000000000140984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e68bc4479a9247b92021-12-17 11:40:48.061root 11241100x8000000000000000140985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b5a5f5cbbbf5c9a2021-12-17 11:40:48.061root 11241100x8000000000000000140986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d375de89e107d0d2021-12-17 11:40:48.061root 11241100x8000000000000000140987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ede7d8a3f30ae382021-12-17 11:40:48.061root 11241100x8000000000000000140988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78a75dad1c208b2b2021-12-17 11:40:48.061root 11241100x8000000000000000140989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3892c813832a70a2021-12-17 11:40:48.061root 11241100x8000000000000000140990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e87aded1f5dc88472021-12-17 11:40:48.062root 11241100x8000000000000000140991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0d68a9c9c8190082021-12-17 11:40:48.062root 11241100x8000000000000000140992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c9a174ff16d79b22021-12-17 11:40:48.062root 11241100x8000000000000000140993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcbaacbed8c824372021-12-17 11:40:48.062root 11241100x8000000000000000140994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a3970ac1c4427ef2021-12-17 11:40:48.062root 11241100x8000000000000000140995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c1a05a7da9eac272021-12-17 11:40:48.062root 11241100x8000000000000000140996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afa0f31b5968d30a2021-12-17 11:40:48.062root 11241100x8000000000000000140997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdf4da45cec145592021-12-17 11:40:48.062root 11241100x8000000000000000140998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.063{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85f48024dd13063f2021-12-17 11:40:48.063root 11241100x8000000000000000140999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.063{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e29ea64d9128e2c2021-12-17 11:40:48.063root 11241100x8000000000000000141000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.063{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b8fb14a2f82538f2021-12-17 11:40:48.063root 11241100x8000000000000000141001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.063{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.842f9af498fd6d382021-12-17 11:40:48.063root 11241100x8000000000000000141002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.063{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7acaa493a0aabe572021-12-17 11:40:48.063root 11241100x8000000000000000141003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.065{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9d0a99cc06e50752021-12-17 11:40:48.065root 11241100x8000000000000000141004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.065{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.533412a25734a3ff2021-12-17 11:40:48.065root 11241100x8000000000000000141005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.065{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43940d7d3340a9142021-12-17 11:40:48.065root 11241100x8000000000000000141006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.065{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8f98face173dfe32021-12-17 11:40:48.065root 11241100x8000000000000000141007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.065{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b89461e12eea8ac2021-12-17 11:40:48.065root 11241100x8000000000000000141008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.065{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1beae7ccfaf49ee2021-12-17 11:40:48.065root 11241100x8000000000000000141009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.065{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d28955e5ebbfabfd2021-12-17 11:40:48.065root 11241100x8000000000000000141010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.065{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf0a84b10b5f1d382021-12-17 11:40:48.065root 11241100x8000000000000000141011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.066{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5060f0f0fc1aca322021-12-17 11:40:48.066root 11241100x8000000000000000141012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.066{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e9c86af26f1ab5d2021-12-17 11:40:48.066root 11241100x8000000000000000141013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.066{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.592b3aefc9829db32021-12-17 11:40:48.066root 11241100x8000000000000000141014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.066{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8da94ad84ff706152021-12-17 11:40:48.066root 11241100x8000000000000000141015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.066{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffb9db19f48e3d962021-12-17 11:40:48.066root 11241100x8000000000000000141016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.066{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d2af909f2f98e782021-12-17 11:40:48.066root 11241100x8000000000000000141017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.066{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21f33e38e7a8f5a52021-12-17 11:40:48.066root 11241100x8000000000000000141018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.066{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6785ccaa801196f82021-12-17 11:40:48.066root 11241100x8000000000000000141019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.068{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d3be97f21de41202021-12-17 11:40:48.068root 11241100x8000000000000000141020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.068{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e2302f84545480f2021-12-17 11:40:48.068root 11241100x8000000000000000141021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.068{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3185f99cf4ac39c52021-12-17 11:40:48.068root 11241100x8000000000000000141022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.068{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d455685180c668b12021-12-17 11:40:48.068root 11241100x8000000000000000141023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.068{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e1558e1572b816f2021-12-17 11:40:48.068root 11241100x8000000000000000141024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.069{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08ffd780ed70b0a62021-12-17 11:40:48.069root 11241100x8000000000000000141025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.069{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.020c995558a6c3e22021-12-17 11:40:48.069root 11241100x8000000000000000141026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.069{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52b29336a136789c2021-12-17 11:40:48.069root 11241100x8000000000000000141027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.069{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f35d320c62420142021-12-17 11:40:48.069root 11241100x8000000000000000141028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.070{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dbb891143a5e79d2021-12-17 11:40:48.070root 11241100x8000000000000000141029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.070{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f28bede0d4695562021-12-17 11:40:48.070root 11241100x8000000000000000141030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.070{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.538080154f6ef13c2021-12-17 11:40:48.070root 11241100x8000000000000000141031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.070{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0649aa1c468460d52021-12-17 11:40:48.070root 11241100x8000000000000000141032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.070{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4bba5c89df6d4782021-12-17 11:40:48.070root 11241100x8000000000000000141033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.070{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a900f45bdc7a1ba12021-12-17 11:40:48.070root 11241100x8000000000000000141034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.070{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3023fe5a40a419a52021-12-17 11:40:48.070root 11241100x8000000000000000141035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.070{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8158d496bc0788b52021-12-17 11:40:48.070root 11241100x8000000000000000141036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.071{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e6cca5d863443a02021-12-17 11:40:48.071root 11241100x8000000000000000141037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.071{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2328a2814a778092021-12-17 11:40:48.071root 11241100x8000000000000000141038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.071{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57ebbb77f4d9c8d72021-12-17 11:40:48.071root 11241100x8000000000000000141039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.071{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01f357d3b4ec99d92021-12-17 11:40:48.071root 11241100x8000000000000000141040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.071{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5913438d4e730be32021-12-17 11:40:48.071root 11241100x8000000000000000141041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.071{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d118420a9ca19a5b2021-12-17 11:40:48.071root 11241100x8000000000000000141042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.071{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66c624f1921901dd2021-12-17 11:40:48.071root 11241100x8000000000000000141043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.071{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.990e233453b62cd82021-12-17 11:40:48.071root 11241100x8000000000000000141044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.071{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd215256c8f9535d2021-12-17 11:40:48.071root 11241100x8000000000000000141045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.071{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2883bfec728623912021-12-17 11:40:48.071root 11241100x8000000000000000141046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.071{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55b2745ae78b7d942021-12-17 11:40:48.071root 11241100x8000000000000000141047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.071{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e53515da323edcc22021-12-17 11:40:48.071root 11241100x8000000000000000141048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.071{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d86e399adf37af7a2021-12-17 11:40:48.071root 11241100x8000000000000000141049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.071{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b231a394afed49842021-12-17 11:40:48.071root 11241100x8000000000000000141050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.071{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.198209097683f6362021-12-17 11:40:48.071root 11241100x8000000000000000141051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.071{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8adfd20a7b06c5552021-12-17 11:40:48.071root 11241100x8000000000000000141052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.072{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bf0e33b40d3d94d2021-12-17 11:40:48.072root 11241100x8000000000000000141053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.072{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70dec5502519bb252021-12-17 11:40:48.072root 11241100x8000000000000000141054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.072{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eaab1458ec3e7752021-12-17 11:40:48.072root 11241100x8000000000000000141055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.072{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5da940f2863a616e2021-12-17 11:40:48.072root 11241100x8000000000000000141056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.072{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c04686e594ae3282021-12-17 11:40:48.072root 11241100x8000000000000000141057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.072{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca14ba742bd1a39e2021-12-17 11:40:48.072root 11241100x8000000000000000141058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.072{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd9801799774f95c2021-12-17 11:40:48.072root 11241100x8000000000000000141059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.072{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ac3f0fae7baf2832021-12-17 11:40:48.072root 11241100x8000000000000000141060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.072{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c87687ae74168cd92021-12-17 11:40:48.072root 11241100x8000000000000000141061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.072{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33e4eb669eb675192021-12-17 11:40:48.072root 11241100x8000000000000000141062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.072{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73ece847598b5bcb2021-12-17 11:40:48.072root 11241100x8000000000000000141063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.072{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f7b800861db3dbe2021-12-17 11:40:48.072root 11241100x8000000000000000141064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.072{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1aaad6ea88244d22021-12-17 11:40:48.072root 11241100x8000000000000000141065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.072{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3ae595f380e491f2021-12-17 11:40:48.072root 11241100x8000000000000000141066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.072{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e862f6c39fd48e7e2021-12-17 11:40:48.072root 11241100x8000000000000000141067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.072{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4082c2193b595ab2021-12-17 11:40:48.072root 11241100x8000000000000000141068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.073{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfb39ff40e18b9462021-12-17 11:40:48.073root 11241100x8000000000000000141069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.073{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43aa84863e798d922021-12-17 11:40:48.073root 11241100x8000000000000000141070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.073{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.094717517a7ad1ec2021-12-17 11:40:48.073root 11241100x8000000000000000141071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.073{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7485bf4313acfbe02021-12-17 11:40:48.073root 11241100x8000000000000000141072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.073{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b19c2d4fa0fa3562021-12-17 11:40:48.073root 11241100x8000000000000000141073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.073{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22ad3634be22ff292021-12-17 11:40:48.073root 11241100x8000000000000000141074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.073{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4402f6bc142110982021-12-17 11:40:48.073root 11241100x8000000000000000141075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.073{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0242ce5c0bc81432021-12-17 11:40:48.073root 11241100x8000000000000000141076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.073{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55f10939386ddc732021-12-17 11:40:48.073root 11241100x8000000000000000141077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.073{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcab21c1bf6f847a2021-12-17 11:40:48.073root 11241100x8000000000000000141078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.073{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b9b12652a398b762021-12-17 11:40:48.073root 11241100x8000000000000000141079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.073{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13369c32053839e12021-12-17 11:40:48.073root 11241100x8000000000000000141080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.073{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.060eb28f40b435702021-12-17 11:40:48.073root 11241100x8000000000000000141081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.073{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c20b0988a6fe48a2021-12-17 11:40:48.073root 11241100x8000000000000000141082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.073{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65328712f253d63e2021-12-17 11:40:48.073root 11241100x8000000000000000141083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.073{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72b0f28adf59ad4d2021-12-17 11:40:48.073root 11241100x8000000000000000141084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.073{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59281f703881dd562021-12-17 11:40:48.073root 11241100x8000000000000000141085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.074{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dd6409f0a92a6de2021-12-17 11:40:48.074root 11241100x8000000000000000141086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.074{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.017141f56c887d112021-12-17 11:40:48.074root 11241100x8000000000000000141087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.074{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c4593660446e1592021-12-17 11:40:48.074root 11241100x8000000000000000141088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.074{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35b31cfc09e3de712021-12-17 11:40:48.074root 11241100x8000000000000000141089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.074{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df9122fd51c976c12021-12-17 11:40:48.074root 11241100x8000000000000000141090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.074{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.172dc88b8ff6466a2021-12-17 11:40:48.074root 11241100x8000000000000000141091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.074{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16ec4c9915aa035c2021-12-17 11:40:48.074root 11241100x8000000000000000141092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.074{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a45af16ad6c2e9a2021-12-17 11:40:48.074root 11241100x8000000000000000141093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.075{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc38c641ab4e1e712021-12-17 11:40:48.075root 11241100x8000000000000000141094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.075{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22ff7e54a302e1032021-12-17 11:40:48.075root 11241100x8000000000000000141095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.075{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc009a05599a62652021-12-17 11:40:48.075root 11241100x8000000000000000141096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.076{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.959967432eb390812021-12-17 11:40:48.076root 11241100x8000000000000000141097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.076{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6caf7cfce3ea9e312021-12-17 11:40:48.076root 11241100x8000000000000000141098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.076{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a642c0c39eb9257e2021-12-17 11:40:48.076root 11241100x8000000000000000141099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.076{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f904d4f2d459dbcf2021-12-17 11:40:48.076root 11241100x8000000000000000141100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.076{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cc2f1591c8cd7af2021-12-17 11:40:48.076root 11241100x8000000000000000141101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.077{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e2221cb321adc792021-12-17 11:40:48.077root 11241100x8000000000000000141102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.077{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a0a042cdfde3c132021-12-17 11:40:48.077root 11241100x8000000000000000141103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.077{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c790b739e3129b62021-12-17 11:40:48.077root 11241100x8000000000000000141104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.077{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abf6db39f20931862021-12-17 11:40:48.077root 11241100x8000000000000000141105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.077{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9ddece6dda73f682021-12-17 11:40:48.077root 11241100x8000000000000000141106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.077{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e1199b05339b6d72021-12-17 11:40:48.077root 11241100x8000000000000000141107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.077{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.488313f72f78ab542021-12-17 11:40:48.077root 11241100x8000000000000000141108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.077{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0fe0e7797f2171e2021-12-17 11:40:48.077root 11241100x8000000000000000141109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.077{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43a93064f53d0c162021-12-17 11:40:48.077root 11241100x8000000000000000141110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.078{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67c8014700bfafa62021-12-17 11:40:48.078root 11241100x8000000000000000141111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.078{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9851ff03b9737be2021-12-17 11:40:48.078root 11241100x8000000000000000141112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.078{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01f9c2e57d48d4c92021-12-17 11:40:48.078root 11241100x8000000000000000141113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.078{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.094a69622a5e71bd2021-12-17 11:40:48.078root 11241100x8000000000000000141114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.078{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77f444a769c704c82021-12-17 11:40:48.078root 11241100x8000000000000000141115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.078{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12569c8f93dff2142021-12-17 11:40:48.078root 11241100x8000000000000000141116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.078{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.115a4bd57b2ccc062021-12-17 11:40:48.078root 11241100x8000000000000000141117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.078{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b270ad65314fe7852021-12-17 11:40:48.078root 11241100x8000000000000000141118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.079{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22331a106c3de86e2021-12-17 11:40:48.079root 11241100x8000000000000000141119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.079{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f65942c0da3534312021-12-17 11:40:48.079root 11241100x8000000000000000141120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.082{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad1a82d530155fcb2021-12-17 11:40:48.082root 11241100x8000000000000000141121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.082{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c088d8a4efbdea022021-12-17 11:40:48.082root 11241100x8000000000000000141122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.082{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fb4109406fb9b862021-12-17 11:40:48.082root 11241100x8000000000000000141123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.083{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06369eb72f6a0aeb2021-12-17 11:40:48.083root 11241100x8000000000000000141124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.083{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3412e5948bed8282021-12-17 11:40:48.083root 11241100x8000000000000000141125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.083{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00eced8193bcfb392021-12-17 11:40:48.083root 11241100x8000000000000000141126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.083{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d781594add2a2f42021-12-17 11:40:48.083root 11241100x8000000000000000141127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.085{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b9209dbe2f78a852021-12-17 11:40:48.085root 11241100x8000000000000000141128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.085{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eb5d9c52ab6e34b2021-12-17 11:40:48.085root 11241100x8000000000000000141129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.085{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afae18c0bc0220512021-12-17 11:40:48.085root 11241100x8000000000000000141130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.085{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcce7e798ed802392021-12-17 11:40:48.085root 11241100x8000000000000000141131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.086{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8de3af2bbab2f6342021-12-17 11:40:48.086root 11241100x8000000000000000141132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.086{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3f42189a01734c12021-12-17 11:40:48.086root 11241100x8000000000000000141133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.086{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09dd3af3aa1b68632021-12-17 11:40:48.086root 11241100x8000000000000000141134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.086{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09c8667836bd0c9d2021-12-17 11:40:48.086root 11241100x8000000000000000141135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.086{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3598b04fec2618692021-12-17 11:40:48.086root 11241100x8000000000000000141136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.086{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb8f179a61aef62b2021-12-17 11:40:48.086root 11241100x8000000000000000141137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.086{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c68585f029c8c66d2021-12-17 11:40:48.086root 11241100x8000000000000000141138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.086{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a211bc56e78928c2021-12-17 11:40:48.086root 11241100x8000000000000000141139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.086{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22b6c545189210a62021-12-17 11:40:48.086root 11241100x8000000000000000141140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.087{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76dee8e5169b0c532021-12-17 11:40:48.087root 11241100x8000000000000000141141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.087{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3a4583d3c9b1b272021-12-17 11:40:48.087root 11241100x8000000000000000141142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.087{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c81b2c604f9ef8362021-12-17 11:40:48.087root 11241100x8000000000000000141143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.087{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e114a768f1420752021-12-17 11:40:48.087root 11241100x8000000000000000141144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.087{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.366dafe86b16558f2021-12-17 11:40:48.087root 11241100x8000000000000000141145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.087{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d183b49822b88f892021-12-17 11:40:48.087root 11241100x8000000000000000141146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.087{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ba2ad6f57f503032021-12-17 11:40:48.087root 11241100x8000000000000000141147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.087{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10f257c318da75242021-12-17 11:40:48.087root 11241100x8000000000000000141148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.087{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64aa3645aaac39082021-12-17 11:40:48.087root 11241100x8000000000000000141149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.087{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82a311222ba19e382021-12-17 11:40:48.087root 11241100x8000000000000000141150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.088{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d39ab93aafb2a812021-12-17 11:40:48.088root 11241100x8000000000000000141151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.088{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.186c045f155b56b62021-12-17 11:40:48.088root 11241100x8000000000000000141152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.088{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5168fffa4546dd9f2021-12-17 11:40:48.088root 11241100x8000000000000000141153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.088{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f19375be3b233ca12021-12-17 11:40:48.088root 11241100x8000000000000000141154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.088{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c8c61a96300f1402021-12-17 11:40:48.088root 11241100x8000000000000000141155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.088{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e1bd51732b61e7c2021-12-17 11:40:48.088root 11241100x8000000000000000141156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.088{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed7f4486cb6de6932021-12-17 11:40:48.088root 11241100x8000000000000000141157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.088{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ad7fe490957c2232021-12-17 11:40:48.088root 11241100x8000000000000000141158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.088{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08b2f42886885ca42021-12-17 11:40:48.088root 11241100x8000000000000000141159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.088{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5842cf44551d5e12021-12-17 11:40:48.088root 11241100x8000000000000000141160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.088{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d85dd6878c97ab4b2021-12-17 11:40:48.088root 11241100x8000000000000000141161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.088{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fa0737663c036cd2021-12-17 11:40:48.088root 11241100x8000000000000000141162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.088{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb1a1e411f52ed7f2021-12-17 11:40:48.088root 11241100x8000000000000000141163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.089{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0898a7990e0c3cad2021-12-17 11:40:48.089root 11241100x8000000000000000141164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.089{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ea8790bcf8e23b32021-12-17 11:40:48.089root 11241100x8000000000000000141165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.089{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69970e0cf185ed6b2021-12-17 11:40:48.089root 11241100x8000000000000000141166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.089{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.143527118b029fc82021-12-17 11:40:48.089root 11241100x8000000000000000141167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.089{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8105bfa44963d0792021-12-17 11:40:48.089root 11241100x8000000000000000141168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.089{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85f22b8f5c245e6e2021-12-17 11:40:48.089root 11241100x8000000000000000141169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.089{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ba70c2bb67331892021-12-17 11:40:48.089root 11241100x8000000000000000141170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.089{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f83567aaf83026d62021-12-17 11:40:48.089root 11241100x8000000000000000141171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.089{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.764f1b12f95304122021-12-17 11:40:48.089root 11241100x8000000000000000141172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.090{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48348b040ff48ee52021-12-17 11:40:48.090root 11241100x8000000000000000141173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.090{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49716d1298c8717d2021-12-17 11:40:48.090root 11241100x8000000000000000141174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.090{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d22e73bf21ea9f412021-12-17 11:40:48.090root 11241100x8000000000000000141175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.090{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14f9f4c584bc5bd22021-12-17 11:40:48.090root 11241100x8000000000000000141176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.090{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e83ed45e71836f22021-12-17 11:40:48.090root 11241100x8000000000000000141177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.090{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dee06c2208d7ef022021-12-17 11:40:48.090root 11241100x8000000000000000141178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.090{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75171a82566a9c9e2021-12-17 11:40:48.090root 11241100x8000000000000000141179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.090{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f96597faa5961162021-12-17 11:40:48.090root 11241100x8000000000000000141180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.090{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14cf2ab9789007132021-12-17 11:40:48.090root 11241100x8000000000000000141181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.091{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.858357b69f5f4e692021-12-17 11:40:48.091root 11241100x8000000000000000141182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.091{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba83149ec5d253732021-12-17 11:40:48.091root 11241100x8000000000000000141183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.091{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.362c4ecc451e5ed32021-12-17 11:40:48.091root 11241100x8000000000000000141184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.091{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ad59159bc6e83532021-12-17 11:40:48.091root 11241100x8000000000000000141185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.091{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34518d3d51ad9aa42021-12-17 11:40:48.091root 11241100x8000000000000000141186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.091{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8d9002e5407ee742021-12-17 11:40:48.091root 11241100x8000000000000000141187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.091{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a509edcae89d04bc2021-12-17 11:40:48.091root 11241100x8000000000000000141188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.091{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.320465024781ab572021-12-17 11:40:48.091root 11241100x8000000000000000141189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.091{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb93679571f7faa22021-12-17 11:40:48.091root 11241100x8000000000000000141190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.091{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a267e139836e0e162021-12-17 11:40:48.091root 11241100x8000000000000000141191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.091{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fed5d7893c1de6b32021-12-17 11:40:48.091root 11241100x8000000000000000141192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.092{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f2ba1d96375a3842021-12-17 11:40:48.092root 11241100x8000000000000000141193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.092{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a593cf8873f8ddbe2021-12-17 11:40:48.092root 11241100x8000000000000000141194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.092{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7127d6aff836c9462021-12-17 11:40:48.092root 11241100x8000000000000000141195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.092{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5eed25ba1bd99392021-12-17 11:40:48.092root 11241100x8000000000000000141196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.092{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8e6a4b56a802e812021-12-17 11:40:48.092root 11241100x8000000000000000141197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.092{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.717a5abec3cb3ac22021-12-17 11:40:48.092root 11241100x8000000000000000141198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.093{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.196c91d00bd6e0802021-12-17 11:40:48.093root 11241100x8000000000000000141199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.093{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff342c761deadafb2021-12-17 11:40:48.093root 11241100x8000000000000000141200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.093{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f1f90d811d3a56d2021-12-17 11:40:48.093root 11241100x8000000000000000141201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.093{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d1bac62e3c74d052021-12-17 11:40:48.093root 11241100x8000000000000000141202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.093{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50d349d00794bce32021-12-17 11:40:48.093root 11241100x8000000000000000141203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.093{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b3861ce0bd70f302021-12-17 11:40:48.093root 11241100x8000000000000000141204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.093{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a86584ce85bb8cf32021-12-17 11:40:48.093root 11241100x8000000000000000141205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.093{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fc01c20e3d4f2292021-12-17 11:40:48.093root 11241100x8000000000000000141206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.094{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e155bbf89d56a7f72021-12-17 11:40:48.094root 11241100x8000000000000000141207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.094{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76d1ed7ec3fcc7ff2021-12-17 11:40:48.094root 11241100x8000000000000000141208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.096{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc18cacf3ee7d06c2021-12-17 11:40:48.096root 11241100x8000000000000000141209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.096{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7035c72785e0341c2021-12-17 11:40:48.096root 11241100x8000000000000000141210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.096{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67db66227a0b14af2021-12-17 11:40:48.096root 11241100x8000000000000000141211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.099{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5810b8126dbd7bc2021-12-17 11:40:48.099root 11241100x8000000000000000141212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.099{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23e31a00ae125db02021-12-17 11:40:48.099root 11241100x8000000000000000141213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.099{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ae148a6b18999532021-12-17 11:40:48.099root 11241100x8000000000000000141214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.099{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30f1d64275be58772021-12-17 11:40:48.099root 11241100x8000000000000000141215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.099{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.478df25030030b6f2021-12-17 11:40:48.099root 11241100x8000000000000000141216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.099{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55a8f56997f58cdc2021-12-17 11:40:48.099root 11241100x8000000000000000141217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.099{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0e865a1f083e3052021-12-17 11:40:48.099root 11241100x8000000000000000141218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.100{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4346993adb32f8382021-12-17 11:40:48.100root 11241100x8000000000000000141219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.100{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.561eeeb1073319562021-12-17 11:40:48.100root 11241100x8000000000000000141220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.100{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec18a1ca37d8b0c82021-12-17 11:40:48.100root 11241100x8000000000000000141221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.105{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27015232874b8a992021-12-17 11:40:48.105root 11241100x8000000000000000141222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.105{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac186a643f2b3e5e2021-12-17 11:40:48.105root 11241100x8000000000000000141223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.106{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb670b81a49b2a682021-12-17 11:40:48.106root 11241100x8000000000000000141224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.106{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36ffb33589534d662021-12-17 11:40:48.106root 11241100x8000000000000000141225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.106{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e263135aab419302021-12-17 11:40:48.106root 11241100x8000000000000000141226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.106{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b02e35c03a2deaf62021-12-17 11:40:48.106root 11241100x8000000000000000141227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.107{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9420a487b3fcd0512021-12-17 11:40:48.107root 11241100x8000000000000000141228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.108{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bec12b4566eb87302021-12-17 11:40:48.108root 11241100x8000000000000000141229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.108{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc914561d78fb8382021-12-17 11:40:48.108root 11241100x8000000000000000141230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.108{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb429bc7518b712d2021-12-17 11:40:48.108root 11241100x8000000000000000141231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.108{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78b8b6c86bc824402021-12-17 11:40:48.108root 11241100x8000000000000000141232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.108{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c0441b19ef187992021-12-17 11:40:48.108root 11241100x8000000000000000141233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.108{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e8ded89ab27a3122021-12-17 11:40:48.108root 11241100x8000000000000000141234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.109{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c41632d7e80bd092021-12-17 11:40:48.109root 11241100x8000000000000000141235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.109{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26670424c7523b742021-12-17 11:40:48.109root 11241100x8000000000000000141236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.110{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb8322dcc4b6d7cf2021-12-17 11:40:48.110root 11241100x8000000000000000141237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.110{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aef95c63523875102021-12-17 11:40:48.110root 11241100x8000000000000000141238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.110{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef81d69cb2dd80f22021-12-17 11:40:48.110root 11241100x8000000000000000141239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.110{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.280fc32c5ac261132021-12-17 11:40:48.110root 11241100x8000000000000000141240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.110{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fa5b4cb3024a2d72021-12-17 11:40:48.110root 11241100x8000000000000000141241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.110{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58482ca93fedef222021-12-17 11:40:48.110root 11241100x8000000000000000141242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.110{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbcb527c0196c8442021-12-17 11:40:48.110root 11241100x8000000000000000141243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.111{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f831ffe5787093662021-12-17 11:40:48.111root 11241100x8000000000000000141244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.111{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b1485913ba53f162021-12-17 11:40:48.111root 11241100x8000000000000000141245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.111{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca911cc9f64a29272021-12-17 11:40:48.111root 11241100x8000000000000000141246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.111{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e20b8dd3c7013b832021-12-17 11:40:48.111root 11241100x8000000000000000141247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.111{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0e70f3da29c155d2021-12-17 11:40:48.111root 11241100x8000000000000000141248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.111{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a4059e92501b4c42021-12-17 11:40:48.111root 11241100x8000000000000000141249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.111{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2760d46100a1bc272021-12-17 11:40:48.111root 11241100x8000000000000000141250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.111{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc6e255aa7d66acd2021-12-17 11:40:48.111root 11241100x8000000000000000141251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.111{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72d72ff1e445695a2021-12-17 11:40:48.111root 11241100x8000000000000000141252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.111{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.729c57947a3ffeb72021-12-17 11:40:48.111root 11241100x8000000000000000141253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.111{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1ac8a72d50860092021-12-17 11:40:48.111root 11241100x8000000000000000141254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.111{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76b716a822176f072021-12-17 11:40:48.111root 11241100x8000000000000000141255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.111{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33c68c11ae1f08ec2021-12-17 11:40:48.111root 11241100x8000000000000000141256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.111{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d27840ac2e4194e02021-12-17 11:40:48.111root 11241100x8000000000000000141257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.112{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fe5cff91e9cdcb22021-12-17 11:40:48.112root 11241100x8000000000000000141258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.112{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd96b796662eb0f62021-12-17 11:40:48.112root 11241100x8000000000000000141259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.112{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30a6337d84a4bb202021-12-17 11:40:48.112root 11241100x8000000000000000141260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.112{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d631898369a23002021-12-17 11:40:48.112root 11241100x8000000000000000141261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.112{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b7e319129109cda2021-12-17 11:40:48.112root 11241100x8000000000000000141262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.112{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27fa5839aaa002cc2021-12-17 11:40:48.112root 11241100x8000000000000000141263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.112{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.417cb56c3cb3f0892021-12-17 11:40:48.112root 11241100x8000000000000000141264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.112{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a251a18f9d3c23e2021-12-17 11:40:48.112root 11241100x8000000000000000141265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.112{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8828ed71bee75cd2021-12-17 11:40:48.112root 11241100x8000000000000000141266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.112{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.810531f9bd3fbf3b2021-12-17 11:40:48.112root 11241100x8000000000000000141267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.112{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d5987b1945ba2e22021-12-17 11:40:48.112root 11241100x8000000000000000141268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.112{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c5aa16f10ba2ef02021-12-17 11:40:48.112root 11241100x8000000000000000141269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.112{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.595abe7a4c46d7262021-12-17 11:40:48.112root 11241100x8000000000000000141270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.112{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7818b3c1b07a4a42021-12-17 11:40:48.112root 11241100x8000000000000000141271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.112{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24edb88a2c4ce7bb2021-12-17 11:40:48.112root 11241100x8000000000000000141272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.112{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76c21026fa02ffcb2021-12-17 11:40:48.112root 11241100x8000000000000000141273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.113{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ca5cfe5ac14b52a2021-12-17 11:40:48.113root 11241100x8000000000000000141274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.113{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29db1e992fd12b222021-12-17 11:40:48.113root 11241100x8000000000000000141275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.113{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7adefc8f68631c1e2021-12-17 11:40:48.113root 11241100x8000000000000000141276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.113{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14449025de8d702b2021-12-17 11:40:48.113root 11241100x8000000000000000141277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.113{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b91023430aa4a622021-12-17 11:40:48.113root 11241100x8000000000000000141278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.113{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58f8d3a1f920633f2021-12-17 11:40:48.113root 11241100x8000000000000000141279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.113{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b67db37ac2bfd1502021-12-17 11:40:48.113root 11241100x8000000000000000141280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.114{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.531b68eb9dd0bfc92021-12-17 11:40:48.114root 11241100x8000000000000000141281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.114{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71428c930f8bf7f02021-12-17 11:40:48.114root 11241100x8000000000000000141282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.115{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33355e7dfb36b52a2021-12-17 11:40:48.115root 11241100x8000000000000000141283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.115{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bdd7716b236b8472021-12-17 11:40:48.115root 11241100x8000000000000000141284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.115{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b2db2378dc2f9de2021-12-17 11:40:48.115root 11241100x8000000000000000141285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.116{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2a24984e47e62002021-12-17 11:40:48.116root 11241100x8000000000000000141286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.116{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8900fcbe197120e2021-12-17 11:40:48.116root 11241100x8000000000000000141287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.116{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f160d99b6316b28c2021-12-17 11:40:48.116root 11241100x8000000000000000141288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.117{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.374a485a348f6f6c2021-12-17 11:40:48.117root 11241100x8000000000000000141289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.117{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30959fb063cb484c2021-12-17 11:40:48.117root 11241100x8000000000000000141290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.117{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d2f00a8c6069f7d2021-12-17 11:40:48.117root 11241100x8000000000000000141291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.118{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9836d84e46b0ab12021-12-17 11:40:48.118root 11241100x8000000000000000141292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.118{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5789caa592259b02021-12-17 11:40:48.118root 11241100x8000000000000000141293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.118{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae723f33a78382ef2021-12-17 11:40:48.118root 11241100x8000000000000000141294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.118{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.414ec3ab50fd51e42021-12-17 11:40:48.118root 11241100x8000000000000000141295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.119{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ebaba4bc06bd40c2021-12-17 11:40:48.119root 11241100x8000000000000000141296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.119{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c61a6c6312253cab2021-12-17 11:40:48.119root 11241100x8000000000000000141297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.119{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41f8262d3bf0feb12021-12-17 11:40:48.119root 11241100x8000000000000000141298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.120{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.936fb9bb18d6040e2021-12-17 11:40:48.120root 11241100x8000000000000000141299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.120{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83881304313332cc2021-12-17 11:40:48.120root 11241100x8000000000000000141300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.120{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a52546ef4a3db7342021-12-17 11:40:48.120root 11241100x8000000000000000141301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.120{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d5ed8c22b2305e12021-12-17 11:40:48.120root 11241100x8000000000000000141302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.121{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d586f15dc04d4bac2021-12-17 11:40:48.121root 11241100x8000000000000000141303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.121{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15ae5c14e45065092021-12-17 11:40:48.121root 11241100x8000000000000000141304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.121{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35bf4ea7ad042bc22021-12-17 11:40:48.121root 11241100x8000000000000000141305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.121{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f19aedff511de4a2021-12-17 11:40:48.121root 11241100x8000000000000000141306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.121{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.981fd05567f3cb332021-12-17 11:40:48.121root 11241100x8000000000000000141307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.122{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e260af63cce4463d2021-12-17 11:40:48.122root 11241100x8000000000000000141308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.122{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edfb45df39a989d72021-12-17 11:40:48.122root 11241100x8000000000000000141309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.122{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebe6102490d5b9e82021-12-17 11:40:48.122root 11241100x8000000000000000141310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.122{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f9b567cc5ab80712021-12-17 11:40:48.122root 11241100x8000000000000000141311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.122{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b22ded922e9bf02c2021-12-17 11:40:48.122root 11241100x8000000000000000141312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.123{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee582ab090c309f52021-12-17 11:40:48.123root 11241100x8000000000000000141313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.123{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a13f5982516ec3a2021-12-17 11:40:48.123root 11241100x8000000000000000141314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.123{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40c0162f1605ac622021-12-17 11:40:48.123root 11241100x8000000000000000141315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.123{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a39cb7f9b6456102021-12-17 11:40:48.123root 11241100x8000000000000000141316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.124{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a041bfd8d2df7acc2021-12-17 11:40:48.124root 11241100x8000000000000000141317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.124{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99fd6b55d44baebb2021-12-17 11:40:48.124root 11241100x8000000000000000141318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.124{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dcec99f3cc2ee802021-12-17 11:40:48.124root 11241100x8000000000000000141319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.124{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dad2ec5f7c7d38a2021-12-17 11:40:48.124root 11241100x8000000000000000141320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.124{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ef559cb64dc4d532021-12-17 11:40:48.124root 11241100x8000000000000000141321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.125{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9592f22f42b3a6bb2021-12-17 11:40:48.125root 11241100x8000000000000000141322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.125{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.454c7e12ea78d0cb2021-12-17 11:40:48.125root 11241100x8000000000000000141323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.125{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.439a65914e06a4f32021-12-17 11:40:48.125root 11241100x8000000000000000141324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.125{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1652c3f1e8ebf0052021-12-17 11:40:48.125root 11241100x8000000000000000141325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.126{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e4ce1fcae2e875a2021-12-17 11:40:48.126root 11241100x8000000000000000141326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.126{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83609764f0d063772021-12-17 11:40:48.126root 11241100x8000000000000000141327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.126{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67914bed8e251b132021-12-17 11:40:48.126root 11241100x8000000000000000141328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.126{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf82334286c60c572021-12-17 11:40:48.126root 11241100x8000000000000000141329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.126{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c5e17b5a8d493532021-12-17 11:40:48.126root 11241100x8000000000000000141330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.126{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18dc505b12313dbf2021-12-17 11:40:48.126root 11241100x8000000000000000141331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.127{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b081440a284de7392021-12-17 11:40:48.127root 11241100x8000000000000000141332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dae2e991ab0237912021-12-17 11:40:48.557root 11241100x8000000000000000141333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6feac6d279bb838f2021-12-17 11:40:48.557root 11241100x8000000000000000141334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fedfb59817dcb61a2021-12-17 11:40:48.557root 11241100x8000000000000000141335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7bf0e71831a6af62021-12-17 11:40:48.557root 11241100x8000000000000000141336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd1c095c2c4b02532021-12-17 11:40:48.557root 11241100x8000000000000000141337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8369d3a98f3df1032021-12-17 11:40:48.557root 11241100x8000000000000000141338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ca484cf853593372021-12-17 11:40:48.557root 11241100x8000000000000000141339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43a0e8b05266bb582021-12-17 11:40:48.557root 11241100x8000000000000000141340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fee29708c55d7462021-12-17 11:40:48.557root 11241100x8000000000000000141341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.714a20c391e4b7c72021-12-17 11:40:48.558root 11241100x8000000000000000141342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3558d76237adf5b2021-12-17 11:40:48.558root 11241100x8000000000000000141343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af00f83de65753312021-12-17 11:40:48.558root 11241100x8000000000000000141344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd65c37d54f2e7022021-12-17 11:40:48.558root 11241100x8000000000000000141345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7a1c0c5e9bed2432021-12-17 11:40:48.558root 11241100x8000000000000000141346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75f9c3d93bf869c42021-12-17 11:40:48.558root 11241100x8000000000000000141347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0c03a909c5e398d2021-12-17 11:40:48.558root 11241100x8000000000000000141348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4044e7f00e5247f2021-12-17 11:40:48.558root 11241100x8000000000000000141349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33efda06508a54ac2021-12-17 11:40:48.559root 11241100x8000000000000000141350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18fed85737017d272021-12-17 11:40:48.559root 11241100x8000000000000000141351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb7ed898873a418d2021-12-17 11:40:48.559root 11241100x8000000000000000141352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2410b0335aae287e2021-12-17 11:40:48.559root 11241100x8000000000000000141353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c561bc806a1abff62021-12-17 11:40:48.559root 11241100x8000000000000000141354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4abdfe3423f0b00d2021-12-17 11:40:48.559root 11241100x8000000000000000141355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e29dc4e790c1e7572021-12-17 11:40:48.559root 11241100x8000000000000000141356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8be73510274b29d62021-12-17 11:40:48.559root 11241100x8000000000000000141357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b65a6ab709b31102021-12-17 11:40:48.559root 11241100x8000000000000000141358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14671388a9670cc12021-12-17 11:40:48.559root 11241100x8000000000000000141359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.558e51c537d1010a2021-12-17 11:40:48.559root 11241100x8000000000000000141360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de40681d9f16963b2021-12-17 11:40:48.560root 11241100x8000000000000000141361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c660661aaadbcb532021-12-17 11:40:48.560root 11241100x8000000000000000141362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ee86d82d046b4ef2021-12-17 11:40:48.560root 11241100x8000000000000000141363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87895b0db75caa0d2021-12-17 11:40:48.560root 11241100x8000000000000000141364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc5f783f453269a02021-12-17 11:40:48.561root 11241100x8000000000000000141365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f87cbb7f7cf10da82021-12-17 11:40:48.561root 11241100x8000000000000000141366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f0cc59a3f5a51432021-12-17 11:40:48.561root 11241100x8000000000000000141367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e514e369806c24422021-12-17 11:40:48.561root 11241100x8000000000000000141368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb212aed15b399ce2021-12-17 11:40:48.561root 11241100x8000000000000000141369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ac000d7f55930e52021-12-17 11:40:48.562root 11241100x8000000000000000141370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f07ec532bac3ccf12021-12-17 11:40:48.562root 11241100x8000000000000000141371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6fc90660aaccf742021-12-17 11:40:48.562root 11241100x8000000000000000141372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b640610ea73592c52021-12-17 11:40:48.562root 11241100x8000000000000000141373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7d12fbdc90a57552021-12-17 11:40:48.562root 11241100x8000000000000000141374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcc4283881885f7f2021-12-17 11:40:48.562root 11241100x8000000000000000141375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f54035d5f72cb182021-12-17 11:40:48.562root 11241100x8000000000000000141376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1acc1c56e4c818372021-12-17 11:40:48.562root 11241100x8000000000000000141377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aee38e133b52981b2021-12-17 11:40:48.562root 11241100x8000000000000000141378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b05f19af5a2d30c72021-12-17 11:40:48.562root 11241100x8000000000000000141379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b0f3ec3c4dda7d12021-12-17 11:40:48.562root 11241100x8000000000000000141380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffebffad86f7ef3e2021-12-17 11:40:48.562root 11241100x8000000000000000141381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.563{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9653abed48f155d22021-12-17 11:40:48.563root 11241100x8000000000000000141382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.563{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db23cdde4e4e897b2021-12-17 11:40:48.563root 11241100x8000000000000000141383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.563{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.693d70a9fff0b88a2021-12-17 11:40:48.563root 11241100x8000000000000000141384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.563{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f570113efe8cce32021-12-17 11:40:48.563root 11241100x8000000000000000141385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.563{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c8c79deb72bb46e2021-12-17 11:40:48.563root 11241100x8000000000000000141386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.563{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaf97c2db5ed8d5f2021-12-17 11:40:48.563root 11241100x8000000000000000141387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.563{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99ce8145cd60a5542021-12-17 11:40:48.563root 11241100x8000000000000000141388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.564{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d4beef91f5d2ee32021-12-17 11:40:48.564root 11241100x8000000000000000141389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.564{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f7cae2ae165384b2021-12-17 11:40:48.564root 11241100x8000000000000000141390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.564{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d840424715b4c9ff2021-12-17 11:40:48.564root 11241100x8000000000000000141391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.564{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69ae57bc1a47309a2021-12-17 11:40:48.564root 11241100x8000000000000000141392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.564{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42188c07453836cb2021-12-17 11:40:48.564root 11241100x8000000000000000141393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.564{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13b3b447272e51662021-12-17 11:40:48.564root 11241100x8000000000000000141394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.564{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17b405b65398569e2021-12-17 11:40:48.564root 11241100x8000000000000000141395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.564{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe92096ed658448b2021-12-17 11:40:48.564root 11241100x8000000000000000141396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.564{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d6ce5b46bf3e7912021-12-17 11:40:48.564root 11241100x8000000000000000141397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.564{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59145c72652d1bf12021-12-17 11:40:48.564root 11241100x8000000000000000141398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.564{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a05d5f6ea6d7a012021-12-17 11:40:48.564root 11241100x8000000000000000141399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.564{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ea3ea437fea860e2021-12-17 11:40:48.564root 11241100x8000000000000000141400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.564{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72f515fca13759762021-12-17 11:40:48.564root 11241100x8000000000000000141401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.565{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f673d240407ec51d2021-12-17 11:40:48.565root 11241100x8000000000000000141402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.565{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff2a0254931b66f92021-12-17 11:40:48.565root 11241100x8000000000000000141403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.565{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c859435892c027c2021-12-17 11:40:48.565root 11241100x8000000000000000141404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.565{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71688249504b93572021-12-17 11:40:48.565root 11241100x8000000000000000141405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.565{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aa4e098129a9fcb2021-12-17 11:40:48.565root 11241100x8000000000000000141406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.565{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10fce60447767cbf2021-12-17 11:40:48.565root 11241100x8000000000000000141407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.566{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1725dc473ccee4fd2021-12-17 11:40:48.566root 11241100x8000000000000000141408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.566{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02669b859482c3212021-12-17 11:40:48.566root 11241100x8000000000000000141409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.567{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d19c3311522734a2021-12-17 11:40:48.567root 11241100x8000000000000000141410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.568{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e254d60aa8d6db4b2021-12-17 11:40:48.568root 11241100x8000000000000000141411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.568{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fdab775dde566f62021-12-17 11:40:48.568root 11241100x8000000000000000141412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.568{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef83c1284429678b2021-12-17 11:40:48.568root 11241100x8000000000000000141413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.568{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0023086e442b3e2f2021-12-17 11:40:48.568root 11241100x8000000000000000141414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.568{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b98c186e907fa55f2021-12-17 11:40:48.568root 11241100x8000000000000000141415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.568{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71aca502b6a347392021-12-17 11:40:48.568root 11241100x8000000000000000141416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.568{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c7bd6485d371cef2021-12-17 11:40:48.568root 11241100x8000000000000000141417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.568{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e73dc0f64667a1a52021-12-17 11:40:48.568root 11241100x8000000000000000141418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.568{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.871daefa2e6479892021-12-17 11:40:48.568root 11241100x8000000000000000141419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.568{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee2ec363193c22e62021-12-17 11:40:48.568root 11241100x8000000000000000141420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.568{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d7d68ee1a7a55f32021-12-17 11:40:48.568root 11241100x8000000000000000141421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.568{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.635087ab5a91dc6a2021-12-17 11:40:48.568root 11241100x8000000000000000141422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.568{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.625c21ec5d5931b32021-12-17 11:40:48.568root 11241100x8000000000000000141423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.568{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b348775d70d30d6e2021-12-17 11:40:48.568root 11241100x8000000000000000141424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.569{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42356e11fa64b4262021-12-17 11:40:48.569root 11241100x8000000000000000141425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.569{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3f6a4353305c3d82021-12-17 11:40:48.569root 11241100x8000000000000000141426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.569{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43bd9d4229be42352021-12-17 11:40:48.569root 11241100x8000000000000000141427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.569{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a45ced03a8c33a2b2021-12-17 11:40:48.569root 11241100x8000000000000000141428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.570{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09ec6644929235042021-12-17 11:40:48.570root 11241100x8000000000000000141429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.570{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86a3ed82737789492021-12-17 11:40:48.570root 11241100x8000000000000000141430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.570{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cc069c1521485752021-12-17 11:40:48.570root 11241100x8000000000000000141431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.570{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a81d1733eb4d0a472021-12-17 11:40:48.570root 11241100x8000000000000000141432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.570{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1adb10412a588d862021-12-17 11:40:48.570root 11241100x8000000000000000141433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.570{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b21da7aeb6ef1d022021-12-17 11:40:48.570root 11241100x8000000000000000141434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.570{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1733bd1057f003a32021-12-17 11:40:48.570root 11241100x8000000000000000141435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.570{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e18d4b45d96856532021-12-17 11:40:48.570root 11241100x8000000000000000141436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.570{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ffd983668fd4b032021-12-17 11:40:48.570root 11241100x8000000000000000141437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.570{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cb1a020703ff51d2021-12-17 11:40:48.570root 11241100x8000000000000000141438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.570{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.862357f475571d792021-12-17 11:40:48.570root 11241100x8000000000000000141439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.570{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6f07c55784d820b2021-12-17 11:40:48.570root 11241100x8000000000000000141440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.571{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb4f2b7c307eef8c2021-12-17 11:40:48.571root 11241100x8000000000000000141441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.571{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c677ceb78c440ac2021-12-17 11:40:48.571root 11241100x8000000000000000141442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.571{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71ece5ac565e46472021-12-17 11:40:48.571root 11241100x8000000000000000141443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.571{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0df50cc9fa8bbd832021-12-17 11:40:48.571root 11241100x8000000000000000141444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.571{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ed573b04765586f2021-12-17 11:40:48.571root 11241100x8000000000000000141445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.571{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13b60c989e10addd2021-12-17 11:40:48.571root 11241100x8000000000000000141446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.571{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0408f3a02275ac512021-12-17 11:40:48.571root 11241100x8000000000000000141447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.571{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fba41c0ef18e53692021-12-17 11:40:48.571root 11241100x8000000000000000141448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.571{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76b15db64d3a743c2021-12-17 11:40:48.571root 11241100x8000000000000000141449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.571{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e22d68cc46773f582021-12-17 11:40:48.571root 11241100x8000000000000000141450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.571{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeb81a5924c89ebf2021-12-17 11:40:48.571root 11241100x8000000000000000141451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.572{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6c344c523fc71422021-12-17 11:40:48.572root 11241100x8000000000000000141452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.572{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cd2a370f2a8ce7b2021-12-17 11:40:48.572root 11241100x8000000000000000141453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.572{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58c76770175036282021-12-17 11:40:48.572root 11241100x8000000000000000141454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.572{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e21c2c7d31ec5dfa2021-12-17 11:40:48.572root 11241100x8000000000000000141455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.572{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a016cee4d6fbd5a12021-12-17 11:40:48.572root 11241100x8000000000000000141456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.572{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87fd8ebe41726eb32021-12-17 11:40:48.572root 11241100x8000000000000000141457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.572{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9e03b79d04c56402021-12-17 11:40:48.572root 11241100x8000000000000000141458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.572{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0efba17d1e76a4902021-12-17 11:40:48.572root 11241100x8000000000000000141459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.572{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.919fc88a0173e52a2021-12-17 11:40:48.572root 11241100x8000000000000000141460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.572{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42594916543e6d9e2021-12-17 11:40:48.572root 11241100x8000000000000000141461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.572{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20da9cfb08e850aa2021-12-17 11:40:48.572root 11241100x8000000000000000141462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.572{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46f05a87ea58d0662021-12-17 11:40:48.572root 11241100x8000000000000000141463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.572{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.763a4a2f988d08da2021-12-17 11:40:48.572root 11241100x8000000000000000141464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.573{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82519a1e4847a34b2021-12-17 11:40:48.573root 11241100x8000000000000000141465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.573{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87683316c0965e372021-12-17 11:40:48.573root 11241100x8000000000000000141466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.573{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a08cbd0bae9fe1482021-12-17 11:40:48.573root 11241100x8000000000000000141467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.573{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.054ac94cafd0ab722021-12-17 11:40:48.573root 11241100x8000000000000000141468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.573{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1081df6e2d82c48d2021-12-17 11:40:48.573root 11241100x8000000000000000141469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.573{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f287e7ae403f9db2021-12-17 11:40:48.573root 11241100x8000000000000000141470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.573{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.810ccc74b50754872021-12-17 11:40:48.573root 11241100x8000000000000000141471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.573{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4659edc6bb2315072021-12-17 11:40:48.573root 11241100x8000000000000000141472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.573{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.586db9362ad3d25f2021-12-17 11:40:48.573root 11241100x8000000000000000141473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.573{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d11b28b4b063d5de2021-12-17 11:40:48.573root 11241100x8000000000000000141474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.573{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15911f948658cd772021-12-17 11:40:48.573root 11241100x8000000000000000141475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.573{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19f8ce20e39c14862021-12-17 11:40:48.573root 11241100x8000000000000000141476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.573{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60837194030072302021-12-17 11:40:48.573root 11241100x8000000000000000141477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.573{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbfd724ef43960d52021-12-17 11:40:48.573root 11241100x8000000000000000141478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.574{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9d99c40582af31b2021-12-17 11:40:48.574root 11241100x8000000000000000141479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.574{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6231f355da80e4692021-12-17 11:40:48.574root 11241100x8000000000000000141480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.574{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c545911114103b9b2021-12-17 11:40:48.574root 11241100x8000000000000000141481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.574{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30e80fc1fc03fd3b2021-12-17 11:40:48.574root 11241100x8000000000000000141482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.574{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69394d4bebed2c632021-12-17 11:40:48.574root 11241100x8000000000000000141483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.574{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cc5042e0e87619c2021-12-17 11:40:48.574root 11241100x8000000000000000141484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.574{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c42befd42a4b33712021-12-17 11:40:48.574root 11241100x8000000000000000141485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.574{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fff3af16e8b974792021-12-17 11:40:48.574root 11241100x8000000000000000141486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.574{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a650677a1a43c922021-12-17 11:40:48.574root 11241100x8000000000000000141487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.574{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5137894435a383522021-12-17 11:40:48.574root 11241100x8000000000000000141488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.575{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfc38ab7e09163ab2021-12-17 11:40:48.575root 11241100x8000000000000000141489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:48.575{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb1ce6bf43f593bd2021-12-17 11:40:48.575root 11241100x8000000000000000141490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd483edcab5f84092021-12-17 11:40:49.058root 11241100x8000000000000000141491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e0ade236a0d66472021-12-17 11:40:49.058root 11241100x8000000000000000141492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.288f64629a9d9b612021-12-17 11:40:49.058root 11241100x8000000000000000141493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18e3604df164b78b2021-12-17 11:40:49.058root 11241100x8000000000000000141494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e3bbfe5348174652021-12-17 11:40:49.059root 11241100x8000000000000000141495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bec305378a421b12021-12-17 11:40:49.059root 11241100x8000000000000000141496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13a96e868da804072021-12-17 11:40:49.059root 11241100x8000000000000000141497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1084b015290cb2812021-12-17 11:40:49.059root 11241100x8000000000000000141498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e09bff33e29bb7372021-12-17 11:40:49.059root 11241100x8000000000000000141499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09180db83b06223f2021-12-17 11:40:49.059root 11241100x8000000000000000141500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.313f79faef56147a2021-12-17 11:40:49.059root 11241100x8000000000000000141501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e37905826dc12d42021-12-17 11:40:49.059root 11241100x8000000000000000141502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1bf380ce416b70b2021-12-17 11:40:49.061root 11241100x8000000000000000141503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02d43438f1da3a312021-12-17 11:40:49.061root 11241100x8000000000000000141504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3432f8c89da0040b2021-12-17 11:40:49.061root 11241100x8000000000000000141505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.192d902d79e908d12021-12-17 11:40:49.061root 11241100x8000000000000000141506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3548b59ad5e6c28e2021-12-17 11:40:49.061root 11241100x8000000000000000141507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a28cd8cfecbe1ea2021-12-17 11:40:49.062root 11241100x8000000000000000141508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5c5d5e04e1843d82021-12-17 11:40:49.062root 11241100x8000000000000000141509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4654429f90045aa2021-12-17 11:40:49.062root 11241100x8000000000000000141510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.936d1030cbbca0252021-12-17 11:40:49.062root 11241100x8000000000000000141511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92647b73802a3f2c2021-12-17 11:40:49.062root 11241100x8000000000000000141512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd96a923469c98c12021-12-17 11:40:49.062root 11241100x8000000000000000141513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8161af348a00b6682021-12-17 11:40:49.062root 11241100x8000000000000000141514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.064{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dde60fa06cd8bcf12021-12-17 11:40:49.064root 11241100x8000000000000000141515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.064{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a79e0c6690bb808f2021-12-17 11:40:49.064root 11241100x8000000000000000141516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.064{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.389399b3ab860a482021-12-17 11:40:49.064root 11241100x8000000000000000141517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.064{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6633e4fa8ac070a2021-12-17 11:40:49.064root 11241100x8000000000000000141518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.064{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d625e4d4165e5bf92021-12-17 11:40:49.064root 11241100x8000000000000000141519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.064{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e7e197bb1054dba2021-12-17 11:40:49.064root 11241100x8000000000000000141520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.064{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e33866c437a38342021-12-17 11:40:49.064root 11241100x8000000000000000141521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.065{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83cd944d46c182482021-12-17 11:40:49.065root 11241100x8000000000000000141522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.065{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30f201d9f6df45832021-12-17 11:40:49.065root 11241100x8000000000000000141523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.065{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f067169b0fd903c32021-12-17 11:40:49.065root 11241100x8000000000000000141524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.065{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56100a8d43dfc4092021-12-17 11:40:49.065root 11241100x8000000000000000141525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.065{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57c1f079bb8154132021-12-17 11:40:49.065root 11241100x8000000000000000141526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.065{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eda68a9a35446b402021-12-17 11:40:49.065root 11241100x8000000000000000141527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.065{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.115c739e3034c04c2021-12-17 11:40:49.065root 11241100x8000000000000000141528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.065{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.132524848c2431d02021-12-17 11:40:49.065root 11241100x8000000000000000141529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.066{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.048a70424314ee6f2021-12-17 11:40:49.066root 11241100x8000000000000000141530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.066{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cab8c92c71ea5bbf2021-12-17 11:40:49.066root 11241100x8000000000000000141531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.066{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e145e3dbd2e07bc2021-12-17 11:40:49.066root 11241100x8000000000000000141532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.066{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc6f5a5ae85b863b2021-12-17 11:40:49.066root 11241100x8000000000000000141533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.067{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e0c94a427cabfed2021-12-17 11:40:49.067root 11241100x8000000000000000141534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.067{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99bdee5e557151232021-12-17 11:40:49.067root 11241100x8000000000000000141535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.067{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.210ca127ddabddbc2021-12-17 11:40:49.067root 11241100x8000000000000000141536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.067{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.019dcfeef4bc73ca2021-12-17 11:40:49.067root 11241100x8000000000000000141537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.067{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b53d7ac91947c8e62021-12-17 11:40:49.067root 11241100x8000000000000000141538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.067{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efcbc0d24cbf7c8d2021-12-17 11:40:49.067root 11241100x8000000000000000141539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.069{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67c288032be55f4b2021-12-17 11:40:49.069root 11241100x8000000000000000141540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.069{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.897fe280f4fc4f462021-12-17 11:40:49.069root 11241100x8000000000000000141541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.069{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cc208a7cf10f1c82021-12-17 11:40:49.069root 11241100x8000000000000000141542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.069{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.312439f3352713192021-12-17 11:40:49.069root 11241100x8000000000000000141543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.069{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00d66852f5bad5f82021-12-17 11:40:49.069root 11241100x8000000000000000141544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.069{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f8d22d7f10bed662021-12-17 11:40:49.069root 11241100x8000000000000000141545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.069{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45ec0dcfbde3c0352021-12-17 11:40:49.069root 11241100x8000000000000000141546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.071{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5938c7600646cad02021-12-17 11:40:49.071root 11241100x8000000000000000141547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.071{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbfcca148e50901a2021-12-17 11:40:49.071root 11241100x8000000000000000141548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.071{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c9436576bdd28532021-12-17 11:40:49.071root 11241100x8000000000000000141549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.071{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b00c5c7526715922021-12-17 11:40:49.071root 11241100x8000000000000000141550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.071{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78358943f7d0ec842021-12-17 11:40:49.071root 11241100x8000000000000000141551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.071{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18426e76086edf792021-12-17 11:40:49.071root 11241100x8000000000000000141552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.071{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecddd5784e6e9c132021-12-17 11:40:49.071root 11241100x8000000000000000141553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.072{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0acfdb6da5f92c722021-12-17 11:40:49.072root 11241100x8000000000000000141554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.072{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e74613dca9ce7d72021-12-17 11:40:49.072root 11241100x8000000000000000141555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.072{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84255172b678d0dc2021-12-17 11:40:49.072root 11241100x8000000000000000141556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.072{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33eed4178e4957682021-12-17 11:40:49.072root 11241100x8000000000000000141557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.072{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5f47712ebba0a022021-12-17 11:40:49.072root 11241100x8000000000000000141558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.072{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9295bdaa8e7524b72021-12-17 11:40:49.072root 11241100x8000000000000000141559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.072{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28d8efd195c538182021-12-17 11:40:49.072root 11241100x8000000000000000141560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.073{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f11ba72dafe58d32021-12-17 11:40:49.073root 11241100x8000000000000000141561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.074{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12ef1b3e64b1297e2021-12-17 11:40:49.074root 11241100x8000000000000000141562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.074{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.479308d6f7e7a6b92021-12-17 11:40:49.074root 11241100x8000000000000000141563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.074{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4f33aa70657e0142021-12-17 11:40:49.074root 11241100x8000000000000000141564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.074{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb9eed9b58d930772021-12-17 11:40:49.074root 11241100x8000000000000000141565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.074{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.085bd8054e53bd352021-12-17 11:40:49.074root 11241100x8000000000000000141566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.074{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.668706e02b3533ae2021-12-17 11:40:49.074root 11241100x8000000000000000141567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.074{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86aabb33b71961fa2021-12-17 11:40:49.074root 11241100x8000000000000000141568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.076{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c09e4d6e530ed5942021-12-17 11:40:49.076root 11241100x8000000000000000141569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.076{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e4b07ea6e7c4eae2021-12-17 11:40:49.076root 11241100x8000000000000000141570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.076{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df88a43deb3693392021-12-17 11:40:49.076root 11241100x8000000000000000141571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.076{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fe4836ba2048c602021-12-17 11:40:49.076root 11241100x8000000000000000141572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.076{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.715a8df08f9397a32021-12-17 11:40:49.076root 11241100x8000000000000000141573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.076{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b57d2a1968a6cba2021-12-17 11:40:49.076root 11241100x8000000000000000141574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.077{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4352165363d4e132021-12-17 11:40:49.077root 11241100x8000000000000000141575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.077{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f24b39aa13c5cc12021-12-17 11:40:49.077root 11241100x8000000000000000141576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.077{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffc911c14fc9471c2021-12-17 11:40:49.077root 11241100x8000000000000000141577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.077{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d73a91fba68e4ff02021-12-17 11:40:49.077root 11241100x8000000000000000141578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.077{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ede31bf9573cc8302021-12-17 11:40:49.077root 11241100x8000000000000000141579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.078{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7519c2e6d5953a62021-12-17 11:40:49.078root 11241100x8000000000000000141580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.078{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef2ad4fba3d3e0332021-12-17 11:40:49.078root 11241100x8000000000000000141581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.078{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58cad793e94d8e732021-12-17 11:40:49.078root 11241100x8000000000000000141582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.079{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa11244fe0d86e742021-12-17 11:40:49.079root 11241100x8000000000000000141583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.079{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af520d1a72687a0b2021-12-17 11:40:49.079root 11241100x8000000000000000141584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.079{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97deb7240372bc5f2021-12-17 11:40:49.079root 11241100x8000000000000000141585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.079{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03998065344fea372021-12-17 11:40:49.079root 11241100x8000000000000000141586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.080{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9f7df8708e1ac5e2021-12-17 11:40:49.080root 11241100x8000000000000000141587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.081{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fe49257c95fd28d2021-12-17 11:40:49.081root 11241100x8000000000000000141588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.081{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d675b175e99b9b3a2021-12-17 11:40:49.081root 11241100x8000000000000000141589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.081{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1331cac24cc787b12021-12-17 11:40:49.081root 11241100x8000000000000000141590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.081{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66c27792541b766c2021-12-17 11:40:49.081root 11241100x8000000000000000141591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.082{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2de5d10e1cc465992021-12-17 11:40:49.082root 11241100x8000000000000000141592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.082{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e487ffc3e453ccc32021-12-17 11:40:49.082root 11241100x8000000000000000141593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.082{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adbf36b4a4563b432021-12-17 11:40:49.082root 11241100x8000000000000000141594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.082{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c047d5089b33f4502021-12-17 11:40:49.082root 11241100x8000000000000000141595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.083{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9252e6f8867402e2021-12-17 11:40:49.083root 11241100x8000000000000000141596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.083{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e6bdcb9e8385bdc2021-12-17 11:40:49.083root 11241100x8000000000000000141597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.083{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c374a67c43e36e902021-12-17 11:40:49.083root 11241100x8000000000000000141598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.083{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1123d20016e1d3782021-12-17 11:40:49.083root 11241100x8000000000000000141599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.083{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9ae0c9115fcd0d22021-12-17 11:40:49.083root 11241100x8000000000000000141600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.084{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.777ab19e9ace8e2d2021-12-17 11:40:49.084root 11241100x8000000000000000141601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.084{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e0f026357e78fa12021-12-17 11:40:49.084root 11241100x8000000000000000141602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.085{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74ac656128c199b12021-12-17 11:40:49.085root 11241100x8000000000000000141603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.085{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f518896b38e4fe252021-12-17 11:40:49.085root 11241100x8000000000000000141604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.086{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b261de89f86eae5c2021-12-17 11:40:49.086root 11241100x8000000000000000141605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.086{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26bf307ff076a9982021-12-17 11:40:49.086root 11241100x8000000000000000141606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.086{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f89df5494660fc552021-12-17 11:40:49.086root 11241100x8000000000000000141607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.087{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c7b433ac94c6be92021-12-17 11:40:49.087root 11241100x8000000000000000141608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.087{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6908d67ee45df5d32021-12-17 11:40:49.087root 11241100x8000000000000000141609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.087{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18b88034d04f8a782021-12-17 11:40:49.087root 11241100x8000000000000000141610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.088{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cf8ca258ea92e322021-12-17 11:40:49.088root 11241100x8000000000000000141611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.088{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c9e37c54dcf71d92021-12-17 11:40:49.088root 11241100x8000000000000000141612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.088{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8ec6f67d2fad0882021-12-17 11:40:49.088root 11241100x8000000000000000141613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.088{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15ab8d65741e8cee2021-12-17 11:40:49.088root 11241100x8000000000000000141614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.088{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1b94ac16aad74c12021-12-17 11:40:49.088root 11241100x8000000000000000141615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.090{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5313640fad9c43ac2021-12-17 11:40:49.090root 11241100x8000000000000000141616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.090{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4177cf87ae5e761b2021-12-17 11:40:49.090root 11241100x8000000000000000141617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.090{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce4e7a1f5f5839262021-12-17 11:40:49.090root 11241100x8000000000000000141618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.090{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e60cb4ff1db66462021-12-17 11:40:49.090root 11241100x8000000000000000141619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.090{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a17f2d39920fe312021-12-17 11:40:49.090root 11241100x8000000000000000141620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.091{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4faf77a07cb9f982021-12-17 11:40:49.091root 11241100x8000000000000000141621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.091{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d353182a55a65cc2021-12-17 11:40:49.091root 11241100x8000000000000000141622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.091{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2348cd30f9530852021-12-17 11:40:49.091root 11241100x8000000000000000141623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.091{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fef99430f5ceeb92021-12-17 11:40:49.091root 11241100x8000000000000000141624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.091{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc7de4f48bec93a22021-12-17 11:40:49.091root 11241100x8000000000000000141625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.092{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b48f4d2569cd8de2021-12-17 11:40:49.092root 11241100x8000000000000000141626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.092{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51e9f10c25b726582021-12-17 11:40:49.092root 11241100x8000000000000000141627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.092{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d58d32f331a9508d2021-12-17 11:40:49.092root 11241100x8000000000000000141628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.093{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb14aa96bd6abd152021-12-17 11:40:49.093root 11241100x8000000000000000141629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.093{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25b909e34709836a2021-12-17 11:40:49.093root 11241100x8000000000000000141630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.093{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68219c8b81db60112021-12-17 11:40:49.093root 11241100x8000000000000000141631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.093{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ee448bb9b4b049f2021-12-17 11:40:49.093root 11241100x8000000000000000141632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.094{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11b860bc621567762021-12-17 11:40:49.094root 11241100x8000000000000000141633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.094{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c32320f9c24fc51a2021-12-17 11:40:49.094root 11241100x8000000000000000141634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.094{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a50398902dde8d402021-12-17 11:40:49.094root 11241100x8000000000000000141635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.095{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afc8a72d6aec8bde2021-12-17 11:40:49.095root 11241100x8000000000000000141636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.095{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e37dd42c70e6450b2021-12-17 11:40:49.095root 11241100x8000000000000000141637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.095{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02d0d1273237cc3d2021-12-17 11:40:49.095root 11241100x8000000000000000141638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.096{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b760f0ef04f477d2021-12-17 11:40:49.096root 11241100x8000000000000000141639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.096{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.207bd98d86129d3c2021-12-17 11:40:49.096root 11241100x8000000000000000141640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.096{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57831a460afc2d792021-12-17 11:40:49.096root 11241100x8000000000000000141641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.097{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aa756e13d232d912021-12-17 11:40:49.097root 11241100x8000000000000000141642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.097{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3d13689e9d981532021-12-17 11:40:49.097root 11241100x8000000000000000141643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.097{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c62aa7423dc416472021-12-17 11:40:49.097root 11241100x8000000000000000141644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.097{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25d1aec3f67efa122021-12-17 11:40:49.097root 11241100x8000000000000000141645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.097{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f26d6923dcdf6ab2021-12-17 11:40:49.097root 11241100x8000000000000000141646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.097{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7d85e3db9ed1cf32021-12-17 11:40:49.097root 11241100x8000000000000000141647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.097{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2fe583b028fdb752021-12-17 11:40:49.097root 11241100x8000000000000000141648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.098{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96b586a69e598f602021-12-17 11:40:49.098root 11241100x8000000000000000141649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.098{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94172bd991863fa32021-12-17 11:40:49.098root 11241100x8000000000000000141650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.098{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3820ba98c925c6af2021-12-17 11:40:49.098root 11241100x8000000000000000141651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.098{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72bb3b168258ee132021-12-17 11:40:49.098root 11241100x8000000000000000141652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.099{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7f3b7fd0a1d4f2c2021-12-17 11:40:49.099root 11241100x8000000000000000141653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.099{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7fc14e3d95426042021-12-17 11:40:49.099root 11241100x8000000000000000141654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.099{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d634179830af2092021-12-17 11:40:49.099root 11241100x8000000000000000141655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.100{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d03f583f0520748a2021-12-17 11:40:49.100root 11241100x8000000000000000141656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.100{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b7220e703164f812021-12-17 11:40:49.100root 11241100x8000000000000000141657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.100{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fb66c8ae780ff242021-12-17 11:40:49.100root 11241100x8000000000000000141658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.100{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.391ad4ac2a92d86c2021-12-17 11:40:49.100root 11241100x8000000000000000141659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.100{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ad90742cd027ed42021-12-17 11:40:49.100root 11241100x8000000000000000141660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.101{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f987c6788aea27b62021-12-17 11:40:49.101root 11241100x8000000000000000141661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.101{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2767035bb5bfda32021-12-17 11:40:49.101root 11241100x8000000000000000141662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.101{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3feb787deea6c292021-12-17 11:40:49.101root 11241100x8000000000000000141663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.101{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdc207e9677000de2021-12-17 11:40:49.101root 11241100x8000000000000000141664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.101{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f99cee66bb29f7a82021-12-17 11:40:49.101root 11241100x8000000000000000141665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.101{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.290210641411501f2021-12-17 11:40:49.101root 11241100x8000000000000000141666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.101{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42e316b98bb057692021-12-17 11:40:49.101root 11241100x8000000000000000141667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.102{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.672cc58d3095cdc02021-12-17 11:40:49.102root 11241100x8000000000000000141668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.102{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68e39ead98815b322021-12-17 11:40:49.102root 11241100x8000000000000000141669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.102{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4442ed0655eaa072021-12-17 11:40:49.102root 11241100x8000000000000000141670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.102{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f20844d7a50e2b62021-12-17 11:40:49.102root 11241100x8000000000000000141671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.103{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd7908dc5999fca52021-12-17 11:40:49.103root 11241100x8000000000000000141672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.104{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc308c297c6e344e2021-12-17 11:40:49.104root 11241100x8000000000000000141673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.104{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99fce4d13b42866f2021-12-17 11:40:49.104root 11241100x8000000000000000141674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.104{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb74c91ef325acdb2021-12-17 11:40:49.104root 11241100x8000000000000000141675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.105{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85545ac587f2ffbf2021-12-17 11:40:49.105root 11241100x8000000000000000141676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.105{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7c9053943eb64bc2021-12-17 11:40:49.105root 11241100x8000000000000000141677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.107{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6005881a653e08ed2021-12-17 11:40:49.107root 11241100x8000000000000000141678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.107{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fec78ccdc43ff8312021-12-17 11:40:49.107root 11241100x8000000000000000141679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.107{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59b239fc5a8669742021-12-17 11:40:49.107root 11241100x8000000000000000141680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.108{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed7842c70701a2682021-12-17 11:40:49.108root 11241100x8000000000000000141681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.108{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b6601f3b1d4a1c92021-12-17 11:40:49.108root 11241100x8000000000000000141682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.108{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bc3dc71e488f7d02021-12-17 11:40:49.108root 11241100x8000000000000000141683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.108{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bd82a5fb61fce152021-12-17 11:40:49.108root 11241100x8000000000000000141684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.109{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55bd5049a8921bc02021-12-17 11:40:49.109root 11241100x8000000000000000141685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.111{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25b73d531c3caad32021-12-17 11:40:49.111root 11241100x8000000000000000141686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.111{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e86bfde0055359992021-12-17 11:40:49.111root 11241100x8000000000000000141687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.111{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.629d4587d3731ee72021-12-17 11:40:49.111root 11241100x8000000000000000141688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.112{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edc6775d5260aaeb2021-12-17 11:40:49.112root 11241100x8000000000000000141689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.112{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8be2ba94465cdfa2021-12-17 11:40:49.112root 11241100x8000000000000000141690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.112{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5688ad0518ee16172021-12-17 11:40:49.112root 11241100x8000000000000000141691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.112{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e356cca1811170c92021-12-17 11:40:49.112root 11241100x8000000000000000141692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.112{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a262627951225652021-12-17 11:40:49.112root 11241100x8000000000000000141693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.112{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba3aa10362090eec2021-12-17 11:40:49.112root 11241100x8000000000000000141694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.112{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.334b16202ec9f6a72021-12-17 11:40:49.112root 11241100x8000000000000000141695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.112{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d66a87dd195337282021-12-17 11:40:49.112root 11241100x8000000000000000141696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.112{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d68f6b4e19e638c02021-12-17 11:40:49.112root 11241100x8000000000000000141697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.112{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0355a86fdaa4a5f2021-12-17 11:40:49.112root 11241100x8000000000000000141698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.112{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f38d4a3e6a3cc1372021-12-17 11:40:49.112root 11241100x8000000000000000141699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.112{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a7a522924f4ff8c2021-12-17 11:40:49.112root 11241100x8000000000000000141700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.112{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd12cc0f012e1f3a2021-12-17 11:40:49.112root 11241100x8000000000000000141701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.112{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc9b470dc2a098ad2021-12-17 11:40:49.112root 11241100x8000000000000000141702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.113{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bff5d3d078e90e602021-12-17 11:40:49.113root 11241100x8000000000000000141703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.113{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef0832683c8c9f762021-12-17 11:40:49.113root 11241100x8000000000000000141704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.113{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74e2d852d756e6c62021-12-17 11:40:49.113root 11241100x8000000000000000141705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.113{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcdc519672c8fcaf2021-12-17 11:40:49.113root 11241100x8000000000000000141706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.113{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d5e7891d45247bf2021-12-17 11:40:49.113root 11241100x8000000000000000141707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.113{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d8a04524fb537392021-12-17 11:40:49.113root 11241100x8000000000000000141708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.113{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86d5895c437e17972021-12-17 11:40:49.113root 11241100x8000000000000000141709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.113{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.099efcc78cbbf80d2021-12-17 11:40:49.113root 11241100x8000000000000000141710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.113{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2339408f6f092752021-12-17 11:40:49.113root 11241100x8000000000000000141711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.113{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6774bd3851d0b9632021-12-17 11:40:49.113root 11241100x8000000000000000141712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.113{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be569c7cce3bc2662021-12-17 11:40:49.113root 11241100x8000000000000000141713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.113{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c550ee01620943f52021-12-17 11:40:49.113root 11241100x8000000000000000141714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.113{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84e069c1ea89aa2b2021-12-17 11:40:49.113root 11241100x8000000000000000141715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.113{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db9372442f3751a52021-12-17 11:40:49.113root 11241100x8000000000000000141716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.113{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ede1ec82dd11c3612021-12-17 11:40:49.113root 11241100x8000000000000000141717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.114{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7420aa1b1cd626e62021-12-17 11:40:49.114root 11241100x8000000000000000141718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.114{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0997258a45c20cc2021-12-17 11:40:49.114root 11241100x8000000000000000141719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.114{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c5b26dada1733f92021-12-17 11:40:49.114root 11241100x8000000000000000141720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.114{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74721b98aeee78422021-12-17 11:40:49.114root 11241100x8000000000000000141721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.114{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f0e99674f1a035a2021-12-17 11:40:49.114root 11241100x8000000000000000141722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.115{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ca281e3b589659d2021-12-17 11:40:49.115root 11241100x8000000000000000141723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.115{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c78bbec8b43500952021-12-17 11:40:49.115root 11241100x8000000000000000141724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.115{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f41c2a09bbbf977c2021-12-17 11:40:49.115root 11241100x8000000000000000141725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.115{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9af4e7ffb9e4bc82021-12-17 11:40:49.115root 11241100x8000000000000000141726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.115{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b547299d34ed2d02021-12-17 11:40:49.115root 11241100x8000000000000000141727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.115{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e50a042e3dcfe922021-12-17 11:40:49.115root 11241100x8000000000000000141728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.115{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17d2840b411aacdd2021-12-17 11:40:49.115root 11241100x8000000000000000141729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.115{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf605551b0d05de92021-12-17 11:40:49.115root 11241100x8000000000000000141730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.115{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.534baf43554b44042021-12-17 11:40:49.115root 11241100x8000000000000000141731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.115{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e4df5acb7008f122021-12-17 11:40:49.115root 11241100x8000000000000000141732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.115{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.277361a2f5034a862021-12-17 11:40:49.115root 11241100x8000000000000000141733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.116{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edca3c3f83629bc42021-12-17 11:40:49.116root 11241100x8000000000000000141734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.116{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.942df16c0e46ac5f2021-12-17 11:40:49.116root 11241100x8000000000000000141735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.116{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aad1e9cdf70309182021-12-17 11:40:49.116root 11241100x8000000000000000141736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.116{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9d3aa07c1cdfa542021-12-17 11:40:49.116root 11241100x8000000000000000141737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.116{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efda3e44cbdb5c3b2021-12-17 11:40:49.116root 11241100x8000000000000000141738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.116{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff9347535bc5bd7a2021-12-17 11:40:49.116root 11241100x8000000000000000141739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.116{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0a1cb25d6f108092021-12-17 11:40:49.116root 11241100x8000000000000000141740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.116{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dee003f0020af922021-12-17 11:40:49.116root 11241100x8000000000000000141741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.116{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef8c0593d1fb82362021-12-17 11:40:49.116root 11241100x8000000000000000141742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.116{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25188c1d15128a602021-12-17 11:40:49.116root 11241100x8000000000000000141743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.116{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.305a255501eb13ff2021-12-17 11:40:49.116root 11241100x8000000000000000141744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.116{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1263e3b128d3ec4c2021-12-17 11:40:49.116root 11241100x8000000000000000141745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.117{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.134d4b78eb54cc562021-12-17 11:40:49.117root 11241100x8000000000000000141746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.117{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.183a16ae9d696a4b2021-12-17 11:40:49.117root 11241100x8000000000000000141747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.117{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81c29f93eb73454f2021-12-17 11:40:49.117root 11241100x8000000000000000141748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.117{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.932afed6c778113c2021-12-17 11:40:49.117root 11241100x8000000000000000141749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.117{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8719073eff62bdf82021-12-17 11:40:49.117root 11241100x8000000000000000141750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.117{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68138982d46c50782021-12-17 11:40:49.117root 11241100x8000000000000000141751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.117{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.486d7987b2a1fcda2021-12-17 11:40:49.117root 11241100x8000000000000000141752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.117{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29e8b7701ee649a92021-12-17 11:40:49.117root 11241100x8000000000000000141753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.118{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7aa73b3824c1a922021-12-17 11:40:49.118root 11241100x8000000000000000141754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.118{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c5e49a9ef4510422021-12-17 11:40:49.118root 11241100x8000000000000000141755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.118{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eee009a28939f492021-12-17 11:40:49.118root 11241100x8000000000000000141756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.118{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a01be15e3fe79a72021-12-17 11:40:49.118root 11241100x8000000000000000141757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.556{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53469148b4d636532021-12-17 11:40:49.556root 11241100x8000000000000000141758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a577434988679742021-12-17 11:40:49.557root 11241100x8000000000000000141759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21aeeb220390a5fb2021-12-17 11:40:49.557root 11241100x8000000000000000141760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11bd09a75ca89ab82021-12-17 11:40:49.557root 11241100x8000000000000000141761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f5ca4932df054ea2021-12-17 11:40:49.557root 11241100x8000000000000000141762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9de3c5394c27df072021-12-17 11:40:49.557root 11241100x8000000000000000141763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc9ec71bb5885a5a2021-12-17 11:40:49.557root 11241100x8000000000000000141764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02865fb553d7fb062021-12-17 11:40:49.557root 11241100x8000000000000000141765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.231eda0edb1f5d0a2021-12-17 11:40:49.557root 11241100x8000000000000000141766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d97c2f779a6fa382021-12-17 11:40:49.557root 11241100x8000000000000000141767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baac7ca39232d2502021-12-17 11:40:49.557root 11241100x8000000000000000141768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95d558092e8f059b2021-12-17 11:40:49.557root 11241100x8000000000000000141769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd6fc886cfd7bcdc2021-12-17 11:40:49.557root 11241100x8000000000000000141770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f022a22155c4ce72021-12-17 11:40:49.558root 11241100x8000000000000000141771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.834a181c66b290d32021-12-17 11:40:49.558root 11241100x8000000000000000141772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fc7204a2f7706702021-12-17 11:40:49.558root 11241100x8000000000000000141773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a6b9025f57de9522021-12-17 11:40:49.558root 11241100x8000000000000000141774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d4b397a3b7e03f22021-12-17 11:40:49.558root 11241100x8000000000000000141775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05bf3505b1799c6e2021-12-17 11:40:49.558root 11241100x8000000000000000141776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aaf15185bbd64d52021-12-17 11:40:49.558root 11241100x8000000000000000141777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27ee0d8f594b0aa62021-12-17 11:40:49.558root 11241100x8000000000000000141778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74f331badfe9982e2021-12-17 11:40:49.558root 11241100x8000000000000000141779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a661215adcc041cd2021-12-17 11:40:49.558root 11241100x8000000000000000141780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5af8621821ae54552021-12-17 11:40:49.558root 11241100x8000000000000000141781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f148f8e26ec597882021-12-17 11:40:49.558root 11241100x8000000000000000141782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2f1cbdcaa5416262021-12-17 11:40:49.559root 11241100x8000000000000000141783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8dc8067e60232412021-12-17 11:40:49.559root 11241100x8000000000000000141784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aabf05d5c4a76ed82021-12-17 11:40:49.559root 11241100x8000000000000000141785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5822afc0a5bd93c42021-12-17 11:40:49.559root 11241100x8000000000000000141786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.262f37064b392e162021-12-17 11:40:49.559root 11241100x8000000000000000141787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a259556b4bca2e652021-12-17 11:40:49.559root 11241100x8000000000000000141788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eb518bdec5a064f2021-12-17 11:40:49.559root 11241100x8000000000000000141789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a28b75dc1b7584cf2021-12-17 11:40:49.559root 11241100x8000000000000000141790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94dd89ebcb39d6232021-12-17 11:40:49.559root 11241100x8000000000000000141791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c806085453e13592021-12-17 11:40:49.559root 11241100x8000000000000000141792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a326200c69ef89c52021-12-17 11:40:49.559root 11241100x8000000000000000141793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12feb8d874cca59f2021-12-17 11:40:49.559root 11241100x8000000000000000141794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2bb573656350b052021-12-17 11:40:49.559root 11241100x8000000000000000141795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff0a65dbfea808452021-12-17 11:40:49.560root 11241100x8000000000000000141796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08275d4836fafd0e2021-12-17 11:40:49.560root 11241100x8000000000000000141797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4132bf012c5e31a22021-12-17 11:40:49.560root 11241100x8000000000000000141798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.156231bb8e53ce762021-12-17 11:40:49.560root 11241100x8000000000000000141799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7e650914712bde12021-12-17 11:40:49.560root 11241100x8000000000000000141800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74289fa0d8af2d4e2021-12-17 11:40:49.560root 11241100x8000000000000000141801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9a8b4d7290e5e322021-12-17 11:40:49.561root 11241100x8000000000000000141802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69f57898f260a0d42021-12-17 11:40:49.561root 11241100x8000000000000000141803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73a5336518de8eaf2021-12-17 11:40:49.561root 11241100x8000000000000000141804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2de18bdd0b2cd5702021-12-17 11:40:49.561root 11241100x8000000000000000141805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c022bc37b131843b2021-12-17 11:40:49.562root 11241100x8000000000000000141806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e210c3f0d06a5bb62021-12-17 11:40:49.562root 11241100x8000000000000000141807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5939a263be88d972021-12-17 11:40:49.562root 11241100x8000000000000000141808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d48fe90c64ab9ef12021-12-17 11:40:49.562root 11241100x8000000000000000141809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.563{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcc26d3f90b4b6f52021-12-17 11:40:49.563root 11241100x8000000000000000141810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.563{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d2b78554863d0812021-12-17 11:40:49.563root 11241100x8000000000000000141811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.563{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20e4927478cf9a372021-12-17 11:40:49.563root 11241100x8000000000000000141812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.564{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5f85ab05def40722021-12-17 11:40:49.564root 11241100x8000000000000000141813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.564{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c9c796b25f282bb2021-12-17 11:40:49.564root 11241100x8000000000000000141814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.564{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a1954babd4548322021-12-17 11:40:49.564root 11241100x8000000000000000141815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.565{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06d6d008ff8665d82021-12-17 11:40:49.565root 11241100x8000000000000000141816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.565{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.283a378987be931c2021-12-17 11:40:49.565root 11241100x8000000000000000141817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.565{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2260ea03ec82d0802021-12-17 11:40:49.565root 11241100x8000000000000000141818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.565{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22def748fcd1f19e2021-12-17 11:40:49.565root 11241100x8000000000000000141819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.566{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10182b56104284b82021-12-17 11:40:49.566root 11241100x8000000000000000141820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.566{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb33717cd189450d2021-12-17 11:40:49.566root 11241100x8000000000000000141821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.566{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.961fcce202b615c92021-12-17 11:40:49.566root 11241100x8000000000000000141822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.567{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2e36ce13e114e482021-12-17 11:40:49.567root 11241100x8000000000000000141823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.567{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6025a752e11d42e12021-12-17 11:40:49.567root 11241100x8000000000000000141824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.567{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ebc199172e06c002021-12-17 11:40:49.567root 11241100x8000000000000000141825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.568{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9333841396abdef82021-12-17 11:40:49.568root 11241100x8000000000000000141826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.568{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3cb3a7f449bebf62021-12-17 11:40:49.568root 11241100x8000000000000000141827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.568{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70e6b177e32651282021-12-17 11:40:49.568root 11241100x8000000000000000141828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.568{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.718bbb7f99e915902021-12-17 11:40:49.568root 11241100x8000000000000000141829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.569{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7069a0e80d52599d2021-12-17 11:40:49.569root 11241100x8000000000000000141830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.569{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0527a79df6b51b662021-12-17 11:40:49.569root 11241100x8000000000000000141831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.570{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e28b0ff4e4bca932021-12-17 11:40:49.570root 11241100x8000000000000000141832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.570{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c85adb8af5e8ed62021-12-17 11:40:49.570root 11241100x8000000000000000141833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.570{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.827da5e4cfed6dce2021-12-17 11:40:49.570root 11241100x8000000000000000141834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.571{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2b1cf8b4c481b2d2021-12-17 11:40:49.571root 11241100x8000000000000000141835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.571{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d950a3c005cc85182021-12-17 11:40:49.571root 11241100x8000000000000000141836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.571{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f0fa23922948a002021-12-17 11:40:49.571root 11241100x8000000000000000141837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.571{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f54e8606b3591db2021-12-17 11:40:49.571root 11241100x8000000000000000141838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.571{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8edae0d66232aa142021-12-17 11:40:49.571root 11241100x8000000000000000141839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.572{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.752c48c72c6b817f2021-12-17 11:40:49.572root 11241100x8000000000000000141840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.572{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7c36614359815372021-12-17 11:40:49.572root 11241100x8000000000000000141841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.572{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33514367640272c12021-12-17 11:40:49.572root 11241100x8000000000000000141842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.572{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.962e37ad5391185d2021-12-17 11:40:49.572root 11241100x8000000000000000141843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.572{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1423f0f71004c492021-12-17 11:40:49.572root 11241100x8000000000000000141844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.573{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2081449161ad4522021-12-17 11:40:49.573root 11241100x8000000000000000141845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.573{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a00bccc9d2021fdf2021-12-17 11:40:49.573root 11241100x8000000000000000141846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.574{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d954d5c6184fd8e42021-12-17 11:40:49.574root 11241100x8000000000000000141847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.574{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec6b3fd7c59056602021-12-17 11:40:49.574root 11241100x8000000000000000141848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.574{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0522251d8a0f56ae2021-12-17 11:40:49.574root 11241100x8000000000000000141849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.574{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d52b64f61265f1e2021-12-17 11:40:49.574root 11241100x8000000000000000141850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.574{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.873523d20f3b235a2021-12-17 11:40:49.574root 11241100x8000000000000000141851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.576{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.970c678164359ea42021-12-17 11:40:49.576root 11241100x8000000000000000141852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.576{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e81302d3d6260382021-12-17 11:40:49.576root 11241100x8000000000000000141853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.577{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2300e5080a5e4c782021-12-17 11:40:49.577root 11241100x8000000000000000141854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.577{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beac3f9e181ca0682021-12-17 11:40:49.577root 11241100x8000000000000000141855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.577{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7b082ce929ff79b2021-12-17 11:40:49.577root 11241100x8000000000000000141856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.579{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b47707bdc8ce4f972021-12-17 11:40:49.579root 11241100x8000000000000000141857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.579{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ce9d10c75dbc0752021-12-17 11:40:49.579root 11241100x8000000000000000141858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.579{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2da8b2584eabe66f2021-12-17 11:40:49.579root 11241100x8000000000000000141859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.580{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6490b1c58789ccc42021-12-17 11:40:49.580root 11241100x8000000000000000141860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.580{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43dcc127ac29402c2021-12-17 11:40:49.580root 11241100x8000000000000000141861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.580{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14f6c9e0b529186f2021-12-17 11:40:49.580root 11241100x8000000000000000141862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.581{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16eec9655b0ff4aa2021-12-17 11:40:49.581root 11241100x8000000000000000141863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.581{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18fab376cb515b1b2021-12-17 11:40:49.581root 11241100x8000000000000000141864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.582{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93ad4e4f0093e6f02021-12-17 11:40:49.582root 11241100x8000000000000000141865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.582{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1523b26f5eac3c62021-12-17 11:40:49.582root 11241100x8000000000000000141866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.584{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1df53e46483500032021-12-17 11:40:49.584root 11241100x8000000000000000141867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.584{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7907e4678083e202021-12-17 11:40:49.584root 11241100x8000000000000000141868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.584{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83b02fe39c2173fb2021-12-17 11:40:49.584root 11241100x8000000000000000141869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.584{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be15b8258fcd68ff2021-12-17 11:40:49.584root 11241100x8000000000000000141870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.584{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76553c2120e836af2021-12-17 11:40:49.584root 11241100x8000000000000000141871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.584{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5491f083bdb048ef2021-12-17 11:40:49.584root 11241100x8000000000000000141872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.584{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ad4dde6867648122021-12-17 11:40:49.584root 11241100x8000000000000000141873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.585{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b7e06ac64d622542021-12-17 11:40:49.585root 11241100x8000000000000000141874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.585{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceefebcbad0dfc602021-12-17 11:40:49.585root 11241100x8000000000000000141875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.585{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f05f552c137bbb22021-12-17 11:40:49.585root 11241100x8000000000000000141876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.585{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13a684ba930b70052021-12-17 11:40:49.585root 11241100x8000000000000000141877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.585{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23e639dc7ae065ba2021-12-17 11:40:49.585root 11241100x8000000000000000141878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.585{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97bc66a965d56b6f2021-12-17 11:40:49.585root 11241100x8000000000000000141879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.585{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c5c8512978510832021-12-17 11:40:49.585root 11241100x8000000000000000141880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.585{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b37d667c8029af2f2021-12-17 11:40:49.585root 11241100x8000000000000000141881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.585{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f09e2a1ea69b42cf2021-12-17 11:40:49.585root 11241100x8000000000000000141882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.585{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8f3a3da9dea52d32021-12-17 11:40:49.585root 11241100x8000000000000000141883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.585{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0759bc57a06b53c2021-12-17 11:40:49.585root 11241100x8000000000000000141884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.585{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc03286f23d318232021-12-17 11:40:49.585root 11241100x8000000000000000141885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.585{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.125e8c37217ef83c2021-12-17 11:40:49.585root 11241100x8000000000000000141886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.585{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aea5260dac1a6712021-12-17 11:40:49.585root 11241100x8000000000000000141887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.585{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3adc433c286588822021-12-17 11:40:49.585root 11241100x8000000000000000141888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.586{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4960ca8bc9faacb2021-12-17 11:40:49.586root 11241100x8000000000000000141889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.586{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.641449e801a183242021-12-17 11:40:49.586root 11241100x8000000000000000141890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.586{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a14f60e6a473bb622021-12-17 11:40:49.586root 11241100x8000000000000000141891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.586{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6dad1697970ae1b2021-12-17 11:40:49.586root 11241100x8000000000000000141892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.586{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.606c30fdaeb512cc2021-12-17 11:40:49.586root 11241100x8000000000000000141893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.586{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e870bfa93dce214b2021-12-17 11:40:49.586root 11241100x8000000000000000141894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.587{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abbdf1e3ee8df3af2021-12-17 11:40:49.587root 11241100x8000000000000000141895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.587{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75b31db33c84a7ed2021-12-17 11:40:49.587root 11241100x8000000000000000141896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.587{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28f94d8d411d309c2021-12-17 11:40:49.587root 11241100x8000000000000000141897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.587{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5b72a92d71b13ba2021-12-17 11:40:49.587root 11241100x8000000000000000141898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.587{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0ee0b36d98c1e872021-12-17 11:40:49.587root 11241100x8000000000000000141899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.587{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f045c7d6bb57d7822021-12-17 11:40:49.587root 11241100x8000000000000000141900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.587{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b3e6b14089b07562021-12-17 11:40:49.587root 11241100x8000000000000000141901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.587{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edd0be718b5ef75f2021-12-17 11:40:49.587root 11241100x8000000000000000141902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.588{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95e1a7d6a8e63ffb2021-12-17 11:40:49.588root 11241100x8000000000000000141903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.588{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16ed6ce767a2eaf52021-12-17 11:40:49.588root 11241100x8000000000000000141904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.588{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e48088ca959b7462021-12-17 11:40:49.588root 11241100x8000000000000000141905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.588{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b90d9da6692d9a62021-12-17 11:40:49.588root 11241100x8000000000000000141906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.588{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76750879c2c7711d2021-12-17 11:40:49.588root 11241100x8000000000000000141907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.590{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5d6952c7eaa27582021-12-17 11:40:49.590root 11241100x8000000000000000141908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.590{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cbc9e5c72a190372021-12-17 11:40:49.590root 11241100x8000000000000000141909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.590{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caf6a5ddc76d4a2b2021-12-17 11:40:49.590root 11241100x8000000000000000141910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.590{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c01b7b7ba7d6c11d2021-12-17 11:40:49.590root 11241100x8000000000000000141911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.590{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf7ab99a1f6506582021-12-17 11:40:49.590root 11241100x8000000000000000141912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.590{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e59ed58840511602021-12-17 11:40:49.590root 11241100x8000000000000000141913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.591{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fc5872bff4ed7692021-12-17 11:40:49.591root 11241100x8000000000000000141914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.591{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93c36c0cb9ad119b2021-12-17 11:40:49.591root 11241100x8000000000000000141915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.591{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da5b497367c11caf2021-12-17 11:40:49.591root 11241100x8000000000000000141916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.591{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e3b089b7a8622f02021-12-17 11:40:49.591root 11241100x8000000000000000141917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.591{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e832c89ea6974a0e2021-12-17 11:40:49.591root 11241100x8000000000000000141918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.591{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c312aa969ea99c822021-12-17 11:40:49.591root 11241100x8000000000000000141919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.591{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29a36ff9fe8c78db2021-12-17 11:40:49.591root 11241100x8000000000000000141920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.591{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c3d6f4cc994a9782021-12-17 11:40:49.591root 11241100x8000000000000000141921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.592{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3679550213af08b2021-12-17 11:40:49.592root 11241100x8000000000000000141922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.592{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36221a27ae89a7692021-12-17 11:40:49.592root 11241100x8000000000000000141923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.593{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.456bfb96a8a874cc2021-12-17 11:40:49.593root 11241100x8000000000000000141924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.593{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ae0686d669d828a2021-12-17 11:40:49.593root 11241100x8000000000000000141925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.593{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c66498f61df93362021-12-17 11:40:49.593root 11241100x8000000000000000141926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.593{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90c3fe60b33062d62021-12-17 11:40:49.593root 11241100x8000000000000000141927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.593{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82c17bb30a414c502021-12-17 11:40:49.593root 11241100x8000000000000000141928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.593{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4c575f1bf97fd792021-12-17 11:40:49.593root 11241100x8000000000000000141929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.594{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c76be1a8cf1d91582021-12-17 11:40:49.594root 11241100x8000000000000000141930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.594{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.027097fd8abb3e132021-12-17 11:40:49.594root 11241100x8000000000000000141931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.594{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e47877598de64b92021-12-17 11:40:49.594root 11241100x8000000000000000141932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:49.594{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34d2a208200b2a402021-12-17 11:40:49.594root 11241100x8000000000000000141933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b23c29650d7fe082021-12-17 11:40:50.057root 11241100x8000000000000000141934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04019adb246907742021-12-17 11:40:50.057root 11241100x8000000000000000141935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.051a120cd800dbc12021-12-17 11:40:50.057root 11241100x8000000000000000141936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e60ccc52189d9af72021-12-17 11:40:50.057root 11241100x8000000000000000141937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaa5fb9e317e0ccc2021-12-17 11:40:50.057root 11241100x8000000000000000141938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d778c33103c22ed62021-12-17 11:40:50.057root 11241100x8000000000000000141939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df6c8e65151d4f5a2021-12-17 11:40:50.057root 11241100x8000000000000000141940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b44bf3259c60e5a22021-12-17 11:40:50.057root 11241100x8000000000000000141941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.227ea0b6e357cea92021-12-17 11:40:50.057root 11241100x8000000000000000141942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5cd482936db52292021-12-17 11:40:50.058root 11241100x8000000000000000141943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55b1ef5573ff5ff42021-12-17 11:40:50.058root 11241100x8000000000000000141944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eb0b0c9d485ba4d2021-12-17 11:40:50.058root 11241100x8000000000000000141945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50ebc54d3431416d2021-12-17 11:40:50.058root 11241100x8000000000000000141946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67504b298b8fb50f2021-12-17 11:40:50.058root 11241100x8000000000000000141947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2158c5fa694d7e442021-12-17 11:40:50.058root 11241100x8000000000000000141948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3357a91da28c4ed12021-12-17 11:40:50.058root 11241100x8000000000000000141949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e412e930bd23de12021-12-17 11:40:50.058root 11241100x8000000000000000141950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f6085c1342410d02021-12-17 11:40:50.058root 11241100x8000000000000000141951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8586a0b0c9de86782021-12-17 11:40:50.058root 11241100x8000000000000000141952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a696fe33847c0adf2021-12-17 11:40:50.059root 11241100x8000000000000000141953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aa5d4672da57ad52021-12-17 11:40:50.059root 11241100x8000000000000000141954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2853434c8700efc92021-12-17 11:40:50.059root 11241100x8000000000000000141955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.288ef60d470812cd2021-12-17 11:40:50.059root 11241100x8000000000000000141956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9c44cd5cfe295fd2021-12-17 11:40:50.059root 11241100x8000000000000000141957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c01046506c631f862021-12-17 11:40:50.059root 11241100x8000000000000000141958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f847912080dbbaf2021-12-17 11:40:50.059root 11241100x8000000000000000141959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3780ca7b70ccd9352021-12-17 11:40:50.059root 11241100x8000000000000000141960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b61a25e3962b6c372021-12-17 11:40:50.060root 11241100x8000000000000000141961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15961bdc61132f552021-12-17 11:40:50.060root 11241100x8000000000000000141962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c21d8b0a79144f32021-12-17 11:40:50.060root 11241100x8000000000000000141963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5004c17354802852021-12-17 11:40:50.060root 11241100x8000000000000000141964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2281487cf28f9842021-12-17 11:40:50.060root 11241100x8000000000000000141965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bbc3ed3402aa9f72021-12-17 11:40:50.060root 11241100x8000000000000000141966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a61d262e6c206a172021-12-17 11:40:50.060root 11241100x8000000000000000141967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dcf62f86c52a3072021-12-17 11:40:50.060root 11241100x8000000000000000141968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd587e02d979ad432021-12-17 11:40:50.061root 11241100x8000000000000000141969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13b21c094e53fbb72021-12-17 11:40:50.061root 11241100x8000000000000000141970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.371f9f77439fd9fa2021-12-17 11:40:50.061root 11241100x8000000000000000141971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46507df46494ecb92021-12-17 11:40:50.061root 11241100x8000000000000000141972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ba00589f043ecea2021-12-17 11:40:50.061root 11241100x8000000000000000141973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10f84876782a120d2021-12-17 11:40:50.061root 11241100x8000000000000000141974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b851b7448dd8aad2021-12-17 11:40:50.061root 11241100x8000000000000000141975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e58055b5e5c0db892021-12-17 11:40:50.061root 11241100x8000000000000000141976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.061{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaa4ada1c60f1e4a2021-12-17 11:40:50.061root 11241100x8000000000000000141977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0078e33b31b3c3952021-12-17 11:40:50.062root 11241100x8000000000000000141978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6c01c9d1c4991cb2021-12-17 11:40:50.062root 11241100x8000000000000000141979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.055960e12964e96d2021-12-17 11:40:50.062root 11241100x8000000000000000141980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c9a3461e9caccc72021-12-17 11:40:50.062root 11241100x8000000000000000141981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e48301ec558638f2021-12-17 11:40:50.062root 11241100x8000000000000000141982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa1f9486d7a59b812021-12-17 11:40:50.062root 11241100x8000000000000000141983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bef3888ca4a498592021-12-17 11:40:50.062root 11241100x8000000000000000141984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.063{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32e96ddad5053e312021-12-17 11:40:50.063root 11241100x8000000000000000141985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.063{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74eec20dbbb612542021-12-17 11:40:50.063root 11241100x8000000000000000141986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.063{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c25c818ed7b617392021-12-17 11:40:50.063root 11241100x8000000000000000141987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.063{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81955eabe84038ee2021-12-17 11:40:50.063root 11241100x8000000000000000141988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.064{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f50a5d704e7cb542021-12-17 11:40:50.064root 11241100x8000000000000000141989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.064{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b361ce6e63742d992021-12-17 11:40:50.064root 11241100x8000000000000000141990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.064{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba15791d61b4fd592021-12-17 11:40:50.064root 11241100x8000000000000000141991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.064{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.293f49e841f1cff52021-12-17 11:40:50.064root 11241100x8000000000000000141992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.065{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf126d66e80183872021-12-17 11:40:50.065root 11241100x8000000000000000141993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.065{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aef262d0938774fa2021-12-17 11:40:50.065root 11241100x8000000000000000141994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.065{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1a296fdde6d69f12021-12-17 11:40:50.065root 11241100x8000000000000000141995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.065{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08228cdb2583466c2021-12-17 11:40:50.065root 11241100x8000000000000000141996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.066{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.181bcb8b860bf49c2021-12-17 11:40:50.066root 11241100x8000000000000000141997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.066{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18cf201b9c17bd222021-12-17 11:40:50.066root 11241100x8000000000000000141998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.066{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eac92f7e580f65322021-12-17 11:40:50.066root 11241100x8000000000000000141999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.066{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9f82f4464b793562021-12-17 11:40:50.066root 11241100x8000000000000000142000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.066{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8fea334b14ce3bd2021-12-17 11:40:50.066root 11241100x8000000000000000142001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.067{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.163b92ab1599d5f12021-12-17 11:40:50.067root 11241100x8000000000000000142002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.067{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab0a873feb7d29e82021-12-17 11:40:50.067root 11241100x8000000000000000142003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.067{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4762df6af97f98fe2021-12-17 11:40:50.067root 11241100x8000000000000000142004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.067{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d250e09d45edf5f32021-12-17 11:40:50.067root 11241100x8000000000000000142005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.068{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbea87e87108708f2021-12-17 11:40:50.068root 11241100x8000000000000000142006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.068{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e2a37d5ee82ce512021-12-17 11:40:50.068root 11241100x8000000000000000142007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.068{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b9bbe27a13c3dc82021-12-17 11:40:50.068root 11241100x8000000000000000142008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.068{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8584613f49a70582021-12-17 11:40:50.068root 11241100x8000000000000000142009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.068{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7efdfa5e3eac10182021-12-17 11:40:50.068root 11241100x8000000000000000142010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.069{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e735039a76b12baf2021-12-17 11:40:50.069root 11241100x8000000000000000142011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.069{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dec39e7e1e011de2021-12-17 11:40:50.069root 11241100x8000000000000000142012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.069{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5079edd243e04d92021-12-17 11:40:50.069root 11241100x8000000000000000142013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.070{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14ce57f7c27c7c182021-12-17 11:40:50.070root 11241100x8000000000000000142014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.070{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46053945d04920b82021-12-17 11:40:50.070root 11241100x8000000000000000142015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.071{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d7b62acc4ab05742021-12-17 11:40:50.071root 11241100x8000000000000000142016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.071{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdee9984dca766d32021-12-17 11:40:50.071root 11241100x8000000000000000142017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.071{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4c699f7855be8962021-12-17 11:40:50.071root 11241100x8000000000000000142018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.071{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.836c3ee0c0ca2c0d2021-12-17 11:40:50.071root 11241100x8000000000000000142019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.072{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d18ee23c38464002021-12-17 11:40:50.072root 11241100x8000000000000000142020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.072{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1410b7b913b1ae7c2021-12-17 11:40:50.072root 11241100x8000000000000000142021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.072{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a694c125a97d26182021-12-17 11:40:50.072root 11241100x8000000000000000142022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.072{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0297168c6e2bb9d62021-12-17 11:40:50.072root 11241100x8000000000000000142023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.072{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2523563738bc1f12021-12-17 11:40:50.072root 11241100x8000000000000000142024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.073{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.056098a3d047a8632021-12-17 11:40:50.073root 11241100x8000000000000000142025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.073{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd2ed383ad3fb2d92021-12-17 11:40:50.073root 11241100x8000000000000000142026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.074{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ceeb5eb12bd2eb42021-12-17 11:40:50.074root 11241100x8000000000000000142027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.074{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22c30750c6f7615e2021-12-17 11:40:50.074root 11241100x8000000000000000142028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.074{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da8680ae025e884b2021-12-17 11:40:50.074root 11241100x8000000000000000142029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.074{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef836c6782fbb8542021-12-17 11:40:50.074root 11241100x8000000000000000142030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.074{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab7143736c38ecf12021-12-17 11:40:50.074root 11241100x8000000000000000142031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.074{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f16bef9b401e6c82021-12-17 11:40:50.074root 11241100x8000000000000000142032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.074{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51168b278cfa29422021-12-17 11:40:50.074root 11241100x8000000000000000142033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.074{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f05a6c0b8b50b87f2021-12-17 11:40:50.074root 11241100x8000000000000000142034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.074{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19047a402f30cdfe2021-12-17 11:40:50.074root 11241100x8000000000000000142035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.075{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1ce6db02a2783b42021-12-17 11:40:50.075root 11241100x8000000000000000142036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.075{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a484c40dcdd61ca2021-12-17 11:40:50.075root 11241100x8000000000000000142037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.075{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcf7bc47cb14a7e82021-12-17 11:40:50.075root 11241100x8000000000000000142038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.075{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b376b184d4b905ef2021-12-17 11:40:50.075root 11241100x8000000000000000142039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.075{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd7a651c0d4c0ff52021-12-17 11:40:50.075root 11241100x8000000000000000142040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.075{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2d85b93e02bf2022021-12-17 11:40:50.075root 11241100x8000000000000000142041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.075{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8b5dbb8fe37f8082021-12-17 11:40:50.075root 11241100x8000000000000000142042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.075{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59d35436c7c18e202021-12-17 11:40:50.075root 11241100x8000000000000000142043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.075{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35c21468af1506eb2021-12-17 11:40:50.075root 11241100x8000000000000000142044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.075{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66c7ae35bd88a8de2021-12-17 11:40:50.075root 11241100x8000000000000000142045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.076{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5378caf28261c46d2021-12-17 11:40:50.076root 11241100x8000000000000000142046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.077{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05615e827df89b722021-12-17 11:40:50.077root 11241100x8000000000000000142047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.077{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.059f6a74590651392021-12-17 11:40:50.077root 11241100x8000000000000000142048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.077{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.972a15b03c19b4d72021-12-17 11:40:50.077root 11241100x8000000000000000142049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.077{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bc300f103fa6c2e2021-12-17 11:40:50.077root 11241100x8000000000000000142050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.077{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16ddf9100c4d3bfd2021-12-17 11:40:50.077root 11241100x8000000000000000142051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.077{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eee9ef61f1984f72021-12-17 11:40:50.077root 11241100x8000000000000000142052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.077{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf73c9f9aeecf9f22021-12-17 11:40:50.077root 11241100x8000000000000000142053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.077{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31fb9254e6c7fb402021-12-17 11:40:50.077root 11241100x8000000000000000142054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.077{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d2c15e3c00942902021-12-17 11:40:50.077root 11241100x8000000000000000142055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.077{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5f5dd034c6be9112021-12-17 11:40:50.077root 11241100x8000000000000000142056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.077{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f00481a48a30b7a22021-12-17 11:40:50.077root 11241100x8000000000000000142057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.078{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f46f72a110657ee42021-12-17 11:40:50.078root 11241100x8000000000000000142058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.078{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88dca950eddb3c282021-12-17 11:40:50.078root 11241100x8000000000000000142059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.078{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05383b0813850f9e2021-12-17 11:40:50.078root 11241100x8000000000000000142060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.078{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e02d5d0d4b952d8f2021-12-17 11:40:50.078root 11241100x8000000000000000142061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.078{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edb63786c4a11e0a2021-12-17 11:40:50.078root 11241100x8000000000000000142062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.078{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44fc711229ba34db2021-12-17 11:40:50.078root 11241100x8000000000000000142063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.078{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96cd7f26338c6d3c2021-12-17 11:40:50.078root 11241100x8000000000000000142064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.078{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dc8506c93379a982021-12-17 11:40:50.078root 11241100x8000000000000000142065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.078{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a08ae13fd05720b32021-12-17 11:40:50.078root 11241100x8000000000000000142066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.079{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.207cb14e06fd0d0f2021-12-17 11:40:50.079root 11241100x8000000000000000142067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.079{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fc1769e2174bfad2021-12-17 11:40:50.079root 11241100x8000000000000000142068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.080{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b047bb58254a0d82021-12-17 11:40:50.080root 11241100x8000000000000000142069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.080{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e014ec618004fe32021-12-17 11:40:50.080root 11241100x8000000000000000142070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.080{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cecb098b2fd4d5ff2021-12-17 11:40:50.080root 11241100x8000000000000000142071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.080{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.472b3bcf71f788ce2021-12-17 11:40:50.080root 11241100x8000000000000000142072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.080{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d7d25261776d3532021-12-17 11:40:50.080root 11241100x8000000000000000142073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.080{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb7fc9b297c486f32021-12-17 11:40:50.080root 11241100x8000000000000000142074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.080{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0377f478e8a52662021-12-17 11:40:50.080root 11241100x8000000000000000142075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.080{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a7a5d1a1dcff7e02021-12-17 11:40:50.080root 11241100x8000000000000000142076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.080{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48ba2b334eb4e5e32021-12-17 11:40:50.080root 11241100x8000000000000000142077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.080{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b63dffef22b6454e2021-12-17 11:40:50.080root 11241100x8000000000000000142078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.081{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.013b457e7042eee92021-12-17 11:40:50.081root 11241100x8000000000000000142079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.081{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.908fa0ae28a7ccbf2021-12-17 11:40:50.081root 11241100x8000000000000000142080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.081{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de0a21b23ba138232021-12-17 11:40:50.081root 11241100x8000000000000000142081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.081{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbc63a14015921952021-12-17 11:40:50.081root 11241100x8000000000000000142082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.081{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.855da15c778803b22021-12-17 11:40:50.081root 11241100x8000000000000000142083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.081{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba7afbce94d1d8462021-12-17 11:40:50.081root 11241100x8000000000000000142084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.081{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bbce9c28a566d5e2021-12-17 11:40:50.081root 11241100x8000000000000000142085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.081{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2672b3390bf4f08d2021-12-17 11:40:50.081root 11241100x8000000000000000142086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.081{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c550a253fb9460d2021-12-17 11:40:50.081root 11241100x8000000000000000142087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.081{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b02dba9c862f73f2021-12-17 11:40:50.081root 11241100x8000000000000000142088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.081{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbc5e8410a55ca122021-12-17 11:40:50.081root 11241100x8000000000000000142089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.081{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eb2bf415a8fab672021-12-17 11:40:50.081root 11241100x8000000000000000142090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.082{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02b0d05bdd32d4a62021-12-17 11:40:50.082root 11241100x8000000000000000142091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.082{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e329c9b99fcc52cd2021-12-17 11:40:50.082root 11241100x8000000000000000142092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.083{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7725ab25a36457e72021-12-17 11:40:50.083root 11241100x8000000000000000142093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.083{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d19fcd87141aaba2021-12-17 11:40:50.083root 11241100x8000000000000000142094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.083{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a01d3530bf3d18b2021-12-17 11:40:50.083root 11241100x8000000000000000142095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.083{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90335290444c49122021-12-17 11:40:50.083root 11241100x8000000000000000142096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.083{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9374a401507c232a2021-12-17 11:40:50.083root 11241100x8000000000000000142097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.083{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb99131ff68bec7a2021-12-17 11:40:50.083root 11241100x8000000000000000142098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.083{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53ca48416cbfaad42021-12-17 11:40:50.083root 11241100x8000000000000000142099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.083{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.855f148063df10bc2021-12-17 11:40:50.083root 11241100x8000000000000000142100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.083{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e54b201df21d17132021-12-17 11:40:50.083root 11241100x8000000000000000142101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.084{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d98069a371bab2b62021-12-17 11:40:50.084root 11241100x8000000000000000142102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.084{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d8a9e288bd5481c2021-12-17 11:40:50.084root 11241100x8000000000000000142103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.084{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9da34a5a078d92c2021-12-17 11:40:50.084root 11241100x8000000000000000142104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.085{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.919257898b3117c92021-12-17 11:40:50.085root 11241100x8000000000000000142105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.085{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91687d365ec760832021-12-17 11:40:50.085root 11241100x8000000000000000142106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.085{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6d8bb8f1ee6faf12021-12-17 11:40:50.085root 11241100x8000000000000000142107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.085{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.151d6cdd0a02a0f92021-12-17 11:40:50.085root 11241100x8000000000000000142108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.085{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d35005cd8f1d0efa2021-12-17 11:40:50.085root 11241100x8000000000000000142109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.085{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07beda0a94cee1762021-12-17 11:40:50.085root 11241100x8000000000000000142110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.085{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfea906eeea055742021-12-17 11:40:50.085root 11241100x8000000000000000142111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.085{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaa8081352b916a22021-12-17 11:40:50.085root 11241100x8000000000000000142112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.085{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b605280922a775e2021-12-17 11:40:50.085root 11241100x8000000000000000142113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.086{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b22c3e909cfb06322021-12-17 11:40:50.086root 11241100x8000000000000000142114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.086{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.966bc123ac0b96572021-12-17 11:40:50.086root 11241100x8000000000000000142115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.086{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c8d8ced9c668d852021-12-17 11:40:50.086root 11241100x8000000000000000142116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.086{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7244bcbb186d9d582021-12-17 11:40:50.086root 11241100x8000000000000000142117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.086{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcdaa115ccb9f6112021-12-17 11:40:50.086root 11241100x8000000000000000142118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.086{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2389f9e5a283777c2021-12-17 11:40:50.086root 11241100x8000000000000000142119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.086{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a288cbedb616cfa32021-12-17 11:40:50.086root 11241100x8000000000000000142120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.086{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d824f4ff5e4167bf2021-12-17 11:40:50.086root 11241100x8000000000000000142121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.086{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d18918781ebfc0f52021-12-17 11:40:50.086root 11241100x8000000000000000142122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.086{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9c9dc401f804d232021-12-17 11:40:50.086root 11241100x8000000000000000142123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.556{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38a7653ed037669b2021-12-17 11:40:50.556root 11241100x8000000000000000142124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.556{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.723aaa0eecd39efc2021-12-17 11:40:50.556root 11241100x8000000000000000142125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.556{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99672ee9f97a5b102021-12-17 11:40:50.556root 11241100x8000000000000000142126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d093fb2a4e90bf9c2021-12-17 11:40:50.557root 11241100x8000000000000000142127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58171563fb2b11382021-12-17 11:40:50.557root 11241100x8000000000000000142128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abcd98baa6736d142021-12-17 11:40:50.557root 11241100x8000000000000000142129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59134daac44f1cbc2021-12-17 11:40:50.557root 11241100x8000000000000000142130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d870cec3ec52c872021-12-17 11:40:50.557root 11241100x8000000000000000142131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28116dfc59bf8c962021-12-17 11:40:50.557root 11241100x8000000000000000142132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa4af33221ac6fc02021-12-17 11:40:50.557root 11241100x8000000000000000142133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0d2fcb722ee4d0b2021-12-17 11:40:50.557root 11241100x8000000000000000142134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0713a1c81b4e43822021-12-17 11:40:50.557root 11241100x8000000000000000142135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e7b5b528872cbad2021-12-17 11:40:50.557root 11241100x8000000000000000142136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b29b1f9e543c1252021-12-17 11:40:50.557root 11241100x8000000000000000142137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.785e22fc1e9b6dc02021-12-17 11:40:50.558root 11241100x8000000000000000142138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10bfbd580531f5132021-12-17 11:40:50.558root 11241100x8000000000000000142139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c582b93158b8eda2021-12-17 11:40:50.558root 11241100x8000000000000000142140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e02dabe9bda0f8632021-12-17 11:40:50.558root 11241100x8000000000000000142141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac82f5b86a7724ac2021-12-17 11:40:50.558root 11241100x8000000000000000142142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f64138706cc7ac772021-12-17 11:40:50.558root 11241100x8000000000000000142143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b96fcbc9d71bc022021-12-17 11:40:50.560root 11241100x8000000000000000142144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.402d448008fc06a02021-12-17 11:40:50.560root 11241100x8000000000000000142145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f05e3671cfc01dd2021-12-17 11:40:50.560root 11241100x8000000000000000142146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d016f3a2b7f37b3e2021-12-17 11:40:50.560root 11241100x8000000000000000142147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37901b74a233abeb2021-12-17 11:40:50.560root 11241100x8000000000000000142148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eb4e5e2d000250f2021-12-17 11:40:50.560root 11241100x8000000000000000142149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ce2070e8a0afb232021-12-17 11:40:50.560root 11241100x8000000000000000142150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c78768ddcf97c70f2021-12-17 11:40:50.560root 11241100x8000000000000000142151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea05ed43cd66022d2021-12-17 11:40:50.561root 11241100x8000000000000000142152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37eb3393fda7ab282021-12-17 11:40:50.561root 11241100x8000000000000000142153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d1ddbf9e166c7ee2021-12-17 11:40:50.561root 11241100x8000000000000000142154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.014bb1676bacca672021-12-17 11:40:50.561root 11241100x8000000000000000142155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f9c6026c61ee2732021-12-17 11:40:50.561root 11241100x8000000000000000142156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b4cbe0faa688b482021-12-17 11:40:50.561root 11241100x8000000000000000142157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e462ea1016f5f9992021-12-17 11:40:50.561root 11241100x8000000000000000142158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b8c372988d232a02021-12-17 11:40:50.561root 11241100x8000000000000000142159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.561{ec28ba6a-6d55-61bc-c85a-314532560000}466/lib/systemd/systemd-journald/var/log/journal/ec28ba6a005148af9605a78627612212/system.journal2021-12-17 11:40:50.561root 11241100x8000000000000000142160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fdcf6b2fd5874bf2021-12-17 11:40:50.561root 11241100x8000000000000000142161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8ebe948c330c9e72021-12-17 11:40:50.561root 11241100x8000000000000000142162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c3fc2121e7ec2ae2021-12-17 11:40:50.561root 11241100x8000000000000000142163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32e5eed6a3c003fc2021-12-17 11:40:50.561root 11241100x8000000000000000142164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a7ca977adeeb7b82021-12-17 11:40:50.561root 11241100x8000000000000000142165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.257476e4d9bc14672021-12-17 11:40:50.561root 11241100x8000000000000000142166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f4cc1d3427efe972021-12-17 11:40:50.562root 11241100x8000000000000000142167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a4aa82540217ca72021-12-17 11:40:50.562root 11241100x8000000000000000142168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47ed2b0e239a386a2021-12-17 11:40:50.562root 11241100x8000000000000000142169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.908610156d255f022021-12-17 11:40:50.562root 11241100x8000000000000000142170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.563{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a609a7a2d5fb6c292021-12-17 11:40:50.563root 11241100x8000000000000000142171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.563{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9647d8c56e44a9592021-12-17 11:40:50.563root 11241100x8000000000000000142172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.563{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b2f844a35964a422021-12-17 11:40:50.563root 11241100x8000000000000000142173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.563{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e36f6545a1e2a9182021-12-17 11:40:50.563root 11241100x8000000000000000142174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.563{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71f20843b7d914912021-12-17 11:40:50.563root 11241100x8000000000000000142175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.563{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dbd34b7643497be2021-12-17 11:40:50.563root 11241100x8000000000000000142176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.563{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84733cec0e2535d92021-12-17 11:40:50.563root 11241100x8000000000000000142177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.565{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9436cc90d1b223c2021-12-17 11:40:50.565root 11241100x8000000000000000142178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.565{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4040c6eaac03bae2021-12-17 11:40:50.565root 11241100x8000000000000000142179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.565{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbe3e61f16d956b32021-12-17 11:40:50.565root 11241100x8000000000000000142180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.565{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71fc6ef3eb5968942021-12-17 11:40:50.565root 11241100x8000000000000000142181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.565{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8bd0b5c7b1877692021-12-17 11:40:50.565root 11241100x8000000000000000142182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.566{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63c190f0073ad20d2021-12-17 11:40:50.566root 11241100x8000000000000000142183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.566{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27c03e30b72c01a12021-12-17 11:40:50.566root 11241100x8000000000000000142184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.566{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e4359e02380c3bd2021-12-17 11:40:50.566root 11241100x8000000000000000142185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.567{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc2774881af004a22021-12-17 11:40:50.567root 11241100x8000000000000000142186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.567{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0dd8cd3909c78d12021-12-17 11:40:50.567root 11241100x8000000000000000142187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.567{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c0df56ca8cb6b5d2021-12-17 11:40:50.567root 11241100x8000000000000000142188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.567{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0da947f8a852b7222021-12-17 11:40:50.567root 11241100x8000000000000000142189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:40:50.567{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69efe4aeb1b97df52021-12-17 11:40:50.567root 354300x8000000000000000142268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:18.058{ec28ba6a-70a3-61bc-5175-3a0400000000}5248/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-43290-false10.0.1.12-8000- 11241100x8000000000000000142269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:18.556{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fe2daa2bb3b317a2021-12-17 11:41:18.556root 11241100x8000000000000000142270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:19.056{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bbbb6b812239ccc2021-12-17 11:41:19.056root 11241100x8000000000000000142271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:19.556{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb5256b329b45e442021-12-17 11:41:19.556root 11241100x8000000000000000142272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:20.056{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a1715ca357c7bf62021-12-17 11:41:20.056root 11241100x8000000000000000142273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:20.556{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e4bb478b7b21bb22021-12-17 11:41:20.556root 11241100x8000000000000000142274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:21.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feabf613d5805b412021-12-17 11:41:21.057root 11241100x8000000000000000142275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:21.556{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceac58098bb6ab222021-12-17 11:41:21.556root 11241100x8000000000000000142276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:22.056{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e6a523475cff8982021-12-17 11:41:22.056root 11241100x8000000000000000142277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:22.556{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8262300212a90a72021-12-17 11:41:22.556root 11241100x8000000000000000142278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:23.056{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dfa15d6365f64112021-12-17 11:41:23.056root 354300x8000000000000000142279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:23.105{ec28ba6a-70a3-61bc-5175-3a0400000000}5248/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-43292-false10.0.1.12-8000- 11241100x8000000000000000142280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:23.556{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1c80c32a989ebf32021-12-17 11:41:23.556root 11241100x8000000000000000142281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:23.556{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0158c872c1aee42b2021-12-17 11:41:23.556root 11241100x8000000000000000142282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:24.056{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.057539fefd9e76b92021-12-17 11:41:24.056root 11241100x8000000000000000142283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:24.056{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a05be942450b9b02021-12-17 11:41:24.056root 11241100x8000000000000000142284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:24.556{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.776cbbd69fdbc2512021-12-17 11:41:24.556root 11241100x8000000000000000142285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:24.556{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75c910ff83e3840e2021-12-17 11:41:24.556root 11241100x8000000000000000142286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:25.056{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0be1e35da32487df2021-12-17 11:41:25.056root 11241100x8000000000000000142287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:25.056{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.016beca41113d6992021-12-17 11:41:25.056root 11241100x8000000000000000142288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:25.556{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03ddbcfbfe1d92792021-12-17 11:41:25.556root 11241100x8000000000000000142289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:25.556{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8650c023425027732021-12-17 11:41:25.556root 11241100x8000000000000000142290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:26.056{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a020235f31e88a3d2021-12-17 11:41:26.056root 11241100x8000000000000000142291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:26.056{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fdc5da3e1b2077a2021-12-17 11:41:26.056root 11241100x8000000000000000142292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:26.556{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3c73fd4782b250e2021-12-17 11:41:26.556root 11241100x8000000000000000142293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:26.556{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f66d8b58483c1e02021-12-17 11:41:26.556root 11241100x8000000000000000142294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:27.056{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16af62843a7357042021-12-17 11:41:27.056root 11241100x8000000000000000142295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:27.056{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7ce8d5e6cb1cbbc2021-12-17 11:41:27.056root 11241100x8000000000000000142296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:27.556{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f0197eede3d77132021-12-17 11:41:27.556root 11241100x8000000000000000142297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:27.556{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd321fdefc7f87532021-12-17 11:41:27.556root 11241100x8000000000000000142298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:28.056{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd89cbc55e2607582021-12-17 11:41:28.056root 11241100x8000000000000000142299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:28.056{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc4c96140f94f5a32021-12-17 11:41:28.056root 11241100x8000000000000000142300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:28.556{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f5aede0e90695b72021-12-17 11:41:28.556root 11241100x8000000000000000142301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:28.556{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efa9e67bb66340962021-12-17 11:41:28.556root 11241100x8000000000000000142302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:29.056{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61659432ebf2bafc2021-12-17 11:41:29.056root 11241100x8000000000000000142303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:29.056{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45868573e24da02a2021-12-17 11:41:29.056root 354300x8000000000000000142304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:29.074{ec28ba6a-70a3-61bc-5175-3a0400000000}5248/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-43294-false10.0.1.12-8000- 11241100x8000000000000000142305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:29.556{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54ab3866800a9e932021-12-17 11:41:29.556root 11241100x8000000000000000142306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:29.556{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4763944949fc71492021-12-17 11:41:29.556root 11241100x8000000000000000142307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:29.556{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dea27417bc35e8c2021-12-17 11:41:29.556root 11241100x8000000000000000142308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:30.056{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78bed81c3b19262f2021-12-17 11:41:30.056root 11241100x8000000000000000142309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:30.056{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f6e5e5dace2d4fd2021-12-17 11:41:30.056root 11241100x8000000000000000142310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:30.056{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6512feed9813efb62021-12-17 11:41:30.056root 11241100x8000000000000000142311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:30.183{ec28ba6a-709b-61bc-30d8-78dfe0550000}5175/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-17 11:41:30.183root 354300x8000000000000000142312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:30.384{ec28ba6a-709b-61bc-30d8-78dfe0550000}5175/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-40442-false10.0.1.12-8089- 11241100x8000000000000000142313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:30.384{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0af98cae4147aea2021-12-17 11:41:30.384root 11241100x8000000000000000142314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:30.385{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e503112e8e44b01a2021-12-17 11:41:30.385root 11241100x8000000000000000142315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:30.385{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bed469e340031032021-12-17 11:41:30.385root 11241100x8000000000000000142316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:30.385{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e53aa44df584559d2021-12-17 11:41:30.385root 11241100x8000000000000000142317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:30.385{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.688c32fb1e885f9b2021-12-17 11:41:30.385root 11241100x8000000000000000142318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:30.806{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4083a29105f8adb72021-12-17 11:41:30.806root 11241100x8000000000000000142319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:30.806{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f34637118bb549d2021-12-17 11:41:30.806root 11241100x8000000000000000142320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:30.806{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.669ba124c7e9d2992021-12-17 11:41:30.806root 11241100x8000000000000000142321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:30.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39957d39203366662021-12-17 11:41:30.807root 11241100x8000000000000000142322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:30.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3f0c83e0a947ee82021-12-17 11:41:30.807root 154100x8000000000000000142323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:30.813{ec28ba6a-776a-61bc-68f4-b93fbe550000}9423/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec28ba6a-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2255--- 534500x8000000000000000142324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:30.827{ec28ba6a-776a-61bc-68f4-b93fbe550000}9423/bin/psroot 11241100x8000000000000000142325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:31.306{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f128999cb0f5c8472021-12-17 11:41:31.306root 11241100x8000000000000000142326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:31.306{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.180a91834de5faf02021-12-17 11:41:31.306root 11241100x8000000000000000142327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:31.307{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b529f104e0ba69642021-12-17 11:41:31.307root 11241100x8000000000000000142328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:31.307{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcf7dba352f61b492021-12-17 11:41:31.307root 11241100x8000000000000000142329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:31.307{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d69aaf445ebc74fc2021-12-17 11:41:31.307root 11241100x8000000000000000142330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:31.307{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38911e5fbd3babc42021-12-17 11:41:31.307root 11241100x8000000000000000142331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:31.307{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06393dfb75d138d62021-12-17 11:41:31.307root 11241100x8000000000000000142332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:31.806{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b86afc01ac4af2452021-12-17 11:41:31.806root 11241100x8000000000000000142333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:31.806{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ccf8ec6d8a79ccd2021-12-17 11:41:31.806root 11241100x8000000000000000142334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:31.806{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48e7a2192ca72fd72021-12-17 11:41:31.806root 11241100x8000000000000000142335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:31.806{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62ed77404960f7082021-12-17 11:41:31.806root 11241100x8000000000000000142336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:31.806{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b1b6ba1d52802c82021-12-17 11:41:31.806root 11241100x8000000000000000142337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:31.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61e25454eccc8d062021-12-17 11:41:31.807root 11241100x8000000000000000142338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:31.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d5c69dbfc05a6d32021-12-17 11:41:31.807root 11241100x8000000000000000142339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:32.306{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10a9b513a01a46a62021-12-17 11:41:32.306root 11241100x8000000000000000142340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:32.306{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12114b870201d65a2021-12-17 11:41:32.306root 11241100x8000000000000000142341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:32.307{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.542d92684c995ea22021-12-17 11:41:32.307root 11241100x8000000000000000142342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:32.307{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b662a3927f36a38a2021-12-17 11:41:32.307root 11241100x8000000000000000142343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:32.307{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a67ad65ec3ceb6bd2021-12-17 11:41:32.307root 11241100x8000000000000000142344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:32.307{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25a4e3e31ba86c922021-12-17 11:41:32.307root 11241100x8000000000000000142345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:32.307{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c372b9282c3537b2021-12-17 11:41:32.307root 534500x8000000000000000142346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:32.769{00000000-0000-0000-0000-000000000000}9424<unknown process>ubuntu 11241100x8000000000000000142347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:32.770{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.044f3fd90754d3892021-12-17 11:41:32.770root 11241100x8000000000000000142348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:32.771{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdec89d78bc0a3cf2021-12-17 11:41:32.771root 11241100x8000000000000000142349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:32.771{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bfdd2fbb08a70992021-12-17 11:41:32.771root 11241100x8000000000000000142350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:32.771{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84811289ea27abec2021-12-17 11:41:32.771root 11241100x8000000000000000142351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:32.771{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67b23b7bf17742842021-12-17 11:41:32.771root 11241100x8000000000000000142352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:32.771{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86c1bb7faf4744732021-12-17 11:41:32.771root 11241100x8000000000000000142353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:32.772{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5397efc9e11a3832021-12-17 11:41:32.772root 11241100x8000000000000000142354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:32.772{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e9bd1ea5de8dad92021-12-17 11:41:32.772root 534500x8000000000000000142355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:32.776{ec28ba6a-776c-61bc-0000-000000000000}9425-ubuntu 534500x8000000000000000142356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:32.777{00000000-0000-0000-0000-000000000000}9426<unknown process>ubuntu 11241100x8000000000000000142357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:32.778{ec28ba6a-70c8-61bc-0864-f69184550000}5342/bin/bash/tmp/sh-thd.3OsidP2021-12-17 11:41:32.778ubuntu 23542300x8000000000000000142358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:32.778{ec28ba6a-70c8-61bc-0864-f69184550000}5342ubuntu/bin/bash/tmp/sh-thd.3OsidP--- 11241100x8000000000000000142359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:33.056{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19717fc06dec61ba2021-12-17 11:41:33.056root 11241100x8000000000000000142360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:33.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf5ed44201fa8cf62021-12-17 11:41:33.057root 11241100x8000000000000000142361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:33.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9af486199d18e5782021-12-17 11:41:33.057root 11241100x8000000000000000142362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:33.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1243418898b770f02021-12-17 11:41:33.057root 11241100x8000000000000000142363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:33.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9805ebc9005e9222021-12-17 11:41:33.057root 11241100x8000000000000000142364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:33.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.014b2761661fb2552021-12-17 11:41:33.057root 11241100x8000000000000000142365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:33.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cf558613d20fb452021-12-17 11:41:33.057root 11241100x8000000000000000142366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:33.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ffac028ee517aee2021-12-17 11:41:33.057root 11241100x8000000000000000142367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:33.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d90b1da03ace14b22021-12-17 11:41:33.057root 11241100x8000000000000000142368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:33.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72eedacc4397a8702021-12-17 11:41:33.057root 11241100x8000000000000000142369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:33.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eab202f839df38ea2021-12-17 11:41:33.057root 11241100x8000000000000000142370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:33.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdc5a3807da8ffc32021-12-17 11:41:33.058root 23542300x8000000000000000142371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:33.184{ec28ba6a-709b-61bc-30d8-78dfe0550000}5175root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 154100x8000000000000000142372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:33.378{ec28ba6a-776d-61bc-08fe-e962e3550000}9427/usr/bin/sudo-----sudo nano /etc/cron.hourly/persistevil/tmp/evil_workubuntu{ec28ba6a-70c8-61bc-e803-000000000000}10004no level-{ec28ba6a-70c8-61bc-0864-f69184550000}5342/bin/bash-bashubuntu 11241100x8000000000000000142373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:33.380{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60ade5c4dcde66322021-12-17 11:41:33.380root 11241100x8000000000000000142374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:33.380{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e84a29f3abcb1a82021-12-17 11:41:33.380root 11241100x8000000000000000142375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:33.380{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3be08e0db94476e62021-12-17 11:41:33.380root 11241100x8000000000000000142376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:33.380{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a4a4c301ef6c4712021-12-17 11:41:33.380root 11241100x8000000000000000142377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:33.380{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.822f393082a056332021-12-17 11:41:33.380root 11241100x8000000000000000142378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:33.380{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c204b3bdd14c0d8f2021-12-17 11:41:33.380root 11241100x8000000000000000142379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:33.380{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40f37670a532b3dd2021-12-17 11:41:33.380root 11241100x8000000000000000142380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:33.380{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ec4d7521b4428a52021-12-17 11:41:33.380root 11241100x8000000000000000142381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:33.380{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a8fcaf91f9717202021-12-17 11:41:33.380root 11241100x8000000000000000142382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:33.380{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.746546df788ff6d52021-12-17 11:41:33.380root 11241100x8000000000000000142383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:33.380{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f59f51f4073fe16f2021-12-17 11:41:33.380root 11241100x8000000000000000142384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:33.381{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b45a1b0ac56542e2021-12-17 11:41:33.381root 11241100x8000000000000000142385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:33.381{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74fcaf350e817f352021-12-17 11:41:33.381root 11241100x8000000000000000142386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:33.381{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dcec200a1ed91312021-12-17 11:41:33.381root 354300x8000000000000000142387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:33.382{ec28ba6a-776d-61bc-08fe-e962e3550000}9427/usr/bin/sudoubuntuudptruefalse127.0.0.1-45432-false127.0.0.53-53- 354300x8000000000000000142388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:33.383{ec28ba6a-6d68-61bc-c067-fb0d4e560000}2524/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.25-33508-false10.0.0.2-53- 354300x8000000000000000142389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:33.383{ec28ba6a-6d68-61bc-c067-fb0d4e560000}2524/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.25-49174-false10.0.0.2-53- 354300x8000000000000000142390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:33.384{ec28ba6a-6d68-61bc-c067-fb0d4e560000}2524/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-45432- 354300x8000000000000000142391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:33.384{ec28ba6a-776d-61bc-08fe-e962e3550000}9427/usr/bin/sudoubuntuudpfalsefalse127.0.0.53-53-false127.0.0.1-49550- 354300x8000000000000000142392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:33.384{ec28ba6a-776d-61bc-08fe-e962e3550000}9427/usr/bin/sudoubuntuudptruefalse127.0.0.1-49550-false127.0.0.53-53- 354300x8000000000000000142393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:33.384{ec28ba6a-6d68-61bc-c067-fb0d4e560000}2524/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-49550- 154100x8000000000000000142394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:33.387{ec28ba6a-776d-61bc-8012-f42a1f560000}9428/bin/nano-----nano /etc/cron.hourly/persistevil/tmp/evil_workroot{ec28ba6a-0000-0000-0000-000000000000}04no level-{ec28ba6a-776d-61bc-08fe-e962e3550000}9427/usr/bin/sudosudoubuntu 11241100x8000000000000000142395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:33.407{ec28ba6a-776d-61bc-8012-f42a1f560000}9428/bin/nano/etc/cron.hourly/.persistevil.swp2021-12-17 11:41:33.407root 11241100x8000000000000000142396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:33.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0a5757f5acd43272021-12-17 11:41:33.807root 11241100x8000000000000000142397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:33.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc626ed3b8ea7c582021-12-17 11:41:33.807root 11241100x8000000000000000142398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:33.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.353d683dea4c65cf2021-12-17 11:41:33.807root 11241100x8000000000000000142399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:33.808{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d213278c61b20e0d2021-12-17 11:41:33.808root 11241100x8000000000000000142400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:33.808{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.581039c99fe75f052021-12-17 11:41:33.808root 11241100x8000000000000000142401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:33.808{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7138ab7b45a44d4b2021-12-17 11:41:33.808root 11241100x8000000000000000142402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:33.808{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfad58a84749c71e2021-12-17 11:41:33.808root 11241100x8000000000000000142403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:33.808{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f92f69727e9f8d92021-12-17 11:41:33.808root 11241100x8000000000000000142404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:33.808{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da2e800889df246c2021-12-17 11:41:33.808root 11241100x8000000000000000142405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:33.809{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2fed96b63ad356f2021-12-17 11:41:33.809root 11241100x8000000000000000142406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:33.809{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe37e7f3b2fe03632021-12-17 11:41:33.809root 11241100x8000000000000000142407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:33.809{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.318abdbb87530b3f2021-12-17 11:41:33.809root 11241100x8000000000000000142408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:33.809{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.326089be9ac29ecc2021-12-17 11:41:33.809root 11241100x8000000000000000142409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:33.809{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2e1e7af767c2d782021-12-17 11:41:33.809root 11241100x8000000000000000142410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:33.809{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb8c96f99f7227e42021-12-17 11:41:33.809root 11241100x8000000000000000142411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:33.810{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a14a60a8360a54fe2021-12-17 11:41:33.810root 11241100x8000000000000000142412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:33.810{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fef5f49f65bd26162021-12-17 11:41:33.810root 11241100x8000000000000000142413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:33.810{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cf34927d701b6a52021-12-17 11:41:33.810root 11241100x8000000000000000142414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:33.811{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d8fcbfddbc21f452021-12-17 11:41:33.811root 11241100x8000000000000000142415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:33.811{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.875cb46f6ece979d2021-12-17 11:41:33.811root 11241100x8000000000000000142416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:33.812{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.314f99c3918d4a022021-12-17 11:41:33.812root 11241100x8000000000000000142417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:33.812{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e086eec0ce9ad9522021-12-17 11:41:33.812root 11241100x8000000000000000142418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:33.812{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f073edb418c052f82021-12-17 11:41:33.812root 354300x8000000000000000142419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:34.118{ec28ba6a-70a3-61bc-5175-3a0400000000}5248/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-43298-false10.0.1.12-8000- 11241100x8000000000000000142420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:34.120{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ccb27f6fe02b9c62021-12-17 11:41:34.120root 11241100x8000000000000000142421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:34.120{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04ea9f3839aab4c02021-12-17 11:41:34.120root 11241100x8000000000000000142422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:34.120{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca9d0e514a959a6a2021-12-17 11:41:34.120root 11241100x8000000000000000142423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:34.121{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00146d7aed398fd12021-12-17 11:41:34.121root 11241100x8000000000000000142424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:34.121{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd51f6f7a1d4de572021-12-17 11:41:34.121root 11241100x8000000000000000142425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:34.121{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.372d240f886085d92021-12-17 11:41:34.121root 11241100x8000000000000000142426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:34.121{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.626ae351f329a4b12021-12-17 11:41:34.121root 11241100x8000000000000000142427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:34.121{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfda938d8a8adb802021-12-17 11:41:34.121root 11241100x8000000000000000142428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:34.121{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3723c55cbdb969aa2021-12-17 11:41:34.121root 11241100x8000000000000000142429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:34.121{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eabae6c9fa4d1072021-12-17 11:41:34.121root 11241100x8000000000000000142430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:34.121{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1d490a1f261ad0f2021-12-17 11:41:34.121root 11241100x8000000000000000142431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:34.121{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b08f97c50afcddd92021-12-17 11:41:34.121root 11241100x8000000000000000142432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:34.122{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41efe131c690b0802021-12-17 11:41:34.122root 11241100x8000000000000000142433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:34.122{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88966bd524deb9732021-12-17 11:41:34.122root 11241100x8000000000000000142434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:34.122{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7cf7cf1f4295e3f2021-12-17 11:41:34.122root 11241100x8000000000000000142435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:34.122{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d86587b89b0741872021-12-17 11:41:34.122root 11241100x8000000000000000142436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:34.122{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.167d452bc8f560772021-12-17 11:41:34.122root 11241100x8000000000000000142437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:34.122{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6416797915df89532021-12-17 11:41:34.122root 11241100x8000000000000000142438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:34.122{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f452f75d09881c772021-12-17 11:41:34.122root 11241100x8000000000000000142439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:34.122{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa6dafcd9f45f7b62021-12-17 11:41:34.122root 11241100x8000000000000000142440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:34.122{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a8c8154779bb89b2021-12-17 11:41:34.122root 11241100x8000000000000000142441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:34.122{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5e5802478f918712021-12-17 11:41:34.122root 11241100x8000000000000000142442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:34.122{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efca092900bf908a2021-12-17 11:41:34.122root 11241100x8000000000000000142443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:34.122{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdd3fb96935616ef2021-12-17 11:41:34.122root 11241100x8000000000000000142444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:34.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1baf563f61287cf2021-12-17 11:41:34.557root 11241100x8000000000000000142445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:34.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51e78a700da7cb002021-12-17 11:41:34.557root 11241100x8000000000000000142446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:34.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ada7cb11046cb3932021-12-17 11:41:34.557root 11241100x8000000000000000142447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:34.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4352986820ea275c2021-12-17 11:41:34.557root 11241100x8000000000000000142448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:34.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.467d35f182d9e4452021-12-17 11:41:34.558root 11241100x8000000000000000142449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:34.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ce48dc0f42fc2732021-12-17 11:41:34.558root 11241100x8000000000000000142450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:34.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57def844fb1d5b9d2021-12-17 11:41:34.558root 11241100x8000000000000000142451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:34.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bf34930cd1ee3412021-12-17 11:41:34.558root 11241100x8000000000000000142452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:34.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a15755d263089ff62021-12-17 11:41:34.558root 11241100x8000000000000000142453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:34.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da799558c312e5b92021-12-17 11:41:34.558root 11241100x8000000000000000142454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:34.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e893e7dfae4ac3f2021-12-17 11:41:34.558root 11241100x8000000000000000142455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:34.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13d85e40b7fa4a0b2021-12-17 11:41:34.558root 11241100x8000000000000000142456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:34.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b19a411953e37a82021-12-17 11:41:34.558root 11241100x8000000000000000142457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:34.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b46b94577ef00fe2021-12-17 11:41:34.558root 11241100x8000000000000000142458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:34.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d97882602cae0e72021-12-17 11:41:34.558root 11241100x8000000000000000142459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:34.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fd291f2d0b075372021-12-17 11:41:34.558root 11241100x8000000000000000142460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:34.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebe69895f95962db2021-12-17 11:41:34.558root 11241100x8000000000000000142461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:34.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e48cded6034f6deb2021-12-17 11:41:34.558root 11241100x8000000000000000142462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:34.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac72ee944cec08f12021-12-17 11:41:34.559root 11241100x8000000000000000142463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:34.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.447f1ff36685276e2021-12-17 11:41:34.559root 11241100x8000000000000000142464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:34.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f6fd975a4260c992021-12-17 11:41:34.559root 11241100x8000000000000000142465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:34.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b98660229a3370b12021-12-17 11:41:34.559root 11241100x8000000000000000142466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:34.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaa61828ac72bb1d2021-12-17 11:41:34.559root 11241100x8000000000000000142467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:34.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b90e7808293188e2021-12-17 11:41:34.559root 11241100x8000000000000000142468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:35.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.492338f5c3f7fbfe2021-12-17 11:41:35.057root 11241100x8000000000000000142469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:35.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae234828224bd3ff2021-12-17 11:41:35.057root 11241100x8000000000000000142470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:35.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0027cce54ea79d262021-12-17 11:41:35.058root 11241100x8000000000000000142471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:35.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cefa1da1f3c041532021-12-17 11:41:35.058root 11241100x8000000000000000142472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:35.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ed55c76e086e8402021-12-17 11:41:35.058root 11241100x8000000000000000142473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:35.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cfd9f0bd51897512021-12-17 11:41:35.058root 11241100x8000000000000000142474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:35.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beb27488214ceded2021-12-17 11:41:35.058root 11241100x8000000000000000142475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:35.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d37ed4172af529e2021-12-17 11:41:35.058root 11241100x8000000000000000142476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:35.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c9e0cbf0f441e522021-12-17 11:41:35.058root 11241100x8000000000000000142477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:35.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74d9d0fc7c6a56602021-12-17 11:41:35.058root 11241100x8000000000000000142478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:35.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee4bc49803f679bb2021-12-17 11:41:35.058root 11241100x8000000000000000142479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:35.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b2c86e9b0a358092021-12-17 11:41:35.059root 11241100x8000000000000000142480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:35.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b901087f840b4e442021-12-17 11:41:35.059root 11241100x8000000000000000142481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:35.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bc0e2c7affa70992021-12-17 11:41:35.059root 11241100x8000000000000000142482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:35.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef676dc6e64325f02021-12-17 11:41:35.059root 11241100x8000000000000000142483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:35.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8da0b64d1e9d5b772021-12-17 11:41:35.059root 11241100x8000000000000000142484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:35.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3adee8a2ea8021362021-12-17 11:41:35.059root 11241100x8000000000000000142485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:35.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e92d5ec8b04f2f592021-12-17 11:41:35.059root 11241100x8000000000000000142486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:35.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a62de2473455fe4c2021-12-17 11:41:35.059root 11241100x8000000000000000142487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:35.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d433faee7e9830932021-12-17 11:41:35.059root 11241100x8000000000000000142488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:35.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0245bff908e176522021-12-17 11:41:35.059root 11241100x8000000000000000142489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:35.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f48a4a2cf60f1652021-12-17 11:41:35.059root 11241100x8000000000000000142490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:35.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab352e813735242d2021-12-17 11:41:35.059root 11241100x8000000000000000142491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:35.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cb1bf9121bdfa2e2021-12-17 11:41:35.059root 11241100x8000000000000000142492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:35.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17f0c81d6fd0f3502021-12-17 11:41:35.557root 11241100x8000000000000000142493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:35.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e6abb769e409c6c2021-12-17 11:41:35.557root 11241100x8000000000000000142494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:35.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73f530b219fee0272021-12-17 11:41:35.557root 11241100x8000000000000000142495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:35.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91e0f86a656c45a02021-12-17 11:41:35.557root 11241100x8000000000000000142496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:35.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb649ebae347bba52021-12-17 11:41:35.557root 11241100x8000000000000000142497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:35.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b9eac9d4bbee1dd2021-12-17 11:41:35.557root 11241100x8000000000000000142498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:35.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cd39192217b75c82021-12-17 11:41:35.558root 11241100x8000000000000000142499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:35.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc8fea3e6baf3fcc2021-12-17 11:41:35.558root 11241100x8000000000000000142500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:35.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6349eff2f643042d2021-12-17 11:41:35.558root 11241100x8000000000000000142501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:35.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cfa87c7c1f2af5d2021-12-17 11:41:35.558root 11241100x8000000000000000142502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:35.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99d6506a20e157952021-12-17 11:41:35.558root 11241100x8000000000000000142503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:35.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0f28d26b23bb4ed2021-12-17 11:41:35.558root 11241100x8000000000000000142504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:35.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca67f0c4f9bd74542021-12-17 11:41:35.558root 11241100x8000000000000000142505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:35.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bef8fa2c7d820a0f2021-12-17 11:41:35.558root 11241100x8000000000000000142506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:35.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96771aa42719a0ef2021-12-17 11:41:35.558root 11241100x8000000000000000142507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:35.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58e858e3da8160ca2021-12-17 11:41:35.558root 11241100x8000000000000000142508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:35.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ab3da53bded2d9c2021-12-17 11:41:35.558root 11241100x8000000000000000142509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:35.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.290e226751ccf7fe2021-12-17 11:41:35.558root 11241100x8000000000000000142510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:35.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f249b57cfd52ca592021-12-17 11:41:35.558root 11241100x8000000000000000142511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:35.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.257c111b70f50a622021-12-17 11:41:35.558root 11241100x8000000000000000142512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:35.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30a9a095637c04c82021-12-17 11:41:35.558root 11241100x8000000000000000142513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:35.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd4ba07c64d0bea72021-12-17 11:41:35.559root 11241100x8000000000000000142514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:35.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abb670264abeca1d2021-12-17 11:41:35.559root 11241100x8000000000000000142515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:35.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ccb15d3db0a21a22021-12-17 11:41:35.559root 23542300x8000000000000000142516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:35.966{ec28ba6a-776d-61bc-8012-f42a1f560000}9428root/bin/nano/etc/cron.hourly/.persistevil.swp--- 534500x8000000000000000142517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:35.967{ec28ba6a-776d-61bc-8012-f42a1f560000}9428/bin/nanoroot 534500x8000000000000000142518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:35.968{ec28ba6a-776d-61bc-08fe-e962e3550000}9427/usr/bin/sudoroot 11241100x8000000000000000142519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:35.968{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2051726ff075ddbe2021-12-17 11:41:35.968root 11241100x8000000000000000142520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:35.968{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7194eed8fc25bb542021-12-17 11:41:35.968root 11241100x8000000000000000142521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:35.968{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dffd5f317e6ffcbb2021-12-17 11:41:35.968root 11241100x8000000000000000142522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:35.968{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd40bfb943e75aac2021-12-17 11:41:35.968root 11241100x8000000000000000142523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:35.968{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.690b4e1c79c122562021-12-17 11:41:35.968root 11241100x8000000000000000142524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:35.968{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8df7396332322282021-12-17 11:41:35.968root 11241100x8000000000000000142525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:35.968{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b158e2eff5a41fc2021-12-17 11:41:35.968root 11241100x8000000000000000142526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:35.968{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb9f104dc3843a8d2021-12-17 11:41:35.968root 11241100x8000000000000000142527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:35.969{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3394ac68ead4cc352021-12-17 11:41:35.969root 11241100x8000000000000000142528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:35.969{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54c07a3fccaff0102021-12-17 11:41:35.969root 11241100x8000000000000000142529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:35.969{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2dff2fa18c42b952021-12-17 11:41:35.969root 11241100x8000000000000000142530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:35.969{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbfa8182a158643c2021-12-17 11:41:35.969root 11241100x8000000000000000142531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:35.969{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26e40f7dcc825a662021-12-17 11:41:35.969root 11241100x8000000000000000142532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:35.969{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3addc98b810dd49f2021-12-17 11:41:35.969root 11241100x8000000000000000142533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:35.969{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fddbc32e88dc7a9a2021-12-17 11:41:35.969root 11241100x8000000000000000142534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:35.969{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.766e1519f2a0dc782021-12-17 11:41:35.969root 11241100x8000000000000000142535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:35.969{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fcf53d0450e5cf92021-12-17 11:41:35.969root 11241100x8000000000000000142536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:35.970{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a46745f3a6b300902021-12-17 11:41:35.970root 11241100x8000000000000000142537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:35.970{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb037b1882b779eb2021-12-17 11:41:35.970root 11241100x8000000000000000142538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:35.970{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9f917809055f9112021-12-17 11:41:35.970root 11241100x8000000000000000142539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:35.970{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fe7bb6f7615dcbb2021-12-17 11:41:35.970root 11241100x8000000000000000142540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:35.970{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eb60a9118306d1a2021-12-17 11:41:35.970root 11241100x8000000000000000142541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:35.970{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e04870baa3eab642021-12-17 11:41:35.970root 11241100x8000000000000000142542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:35.970{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0053bc89586456f02021-12-17 11:41:35.970root 11241100x8000000000000000142543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:35.970{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d81056389c0649532021-12-17 11:41:35.970root 11241100x8000000000000000142544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:35.970{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de5a1323c57931d92021-12-17 11:41:35.970root 11241100x8000000000000000142545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:35.971{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3464e2c87d8d1f1a2021-12-17 11:41:35.971root 11241100x8000000000000000142546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:35.971{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2179305f257506f2021-12-17 11:41:35.971root 11241100x8000000000000000142547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:35.971{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c2ee5b099caf13d2021-12-17 11:41:35.971root 11241100x8000000000000000142548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:35.971{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b75711835e727af62021-12-17 11:41:35.971root 11241100x8000000000000000142549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:35.971{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4faf532f95193ee2021-12-17 11:41:35.971root 11241100x8000000000000000142550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:35.971{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e2d8a0bd35bb8102021-12-17 11:41:35.971root 11241100x8000000000000000142551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:35.971{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7190551eda3d0982021-12-17 11:41:35.971root 11241100x8000000000000000142552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:35.971{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fe9d57604fc7d882021-12-17 11:41:35.971root 11241100x8000000000000000142553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:36.307{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1e2238e8732d5122021-12-17 11:41:36.307root 11241100x8000000000000000142554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:36.307{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcb642f3b82173922021-12-17 11:41:36.307root 11241100x8000000000000000142555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:36.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7c07c84da9da53b2021-12-17 11:41:36.308root 11241100x8000000000000000142556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:36.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f6d370c901a91a12021-12-17 11:41:36.308root 11241100x8000000000000000142557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:36.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdde673700503cd72021-12-17 11:41:36.308root 11241100x8000000000000000142558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:36.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8698baddc2df8162021-12-17 11:41:36.308root 11241100x8000000000000000142559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:36.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4236f99a4ff66cd2021-12-17 11:41:36.308root 11241100x8000000000000000142560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:36.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fddab9f85e54cd322021-12-17 11:41:36.308root 11241100x8000000000000000142561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:36.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d0317d9d307eaa82021-12-17 11:41:36.308root 11241100x8000000000000000142562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:36.309{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf8da4e33e1b025b2021-12-17 11:41:36.309root 11241100x8000000000000000142563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:36.309{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1774bd64e05915532021-12-17 11:41:36.309root 11241100x8000000000000000142564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:36.309{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3bc9f2459f144902021-12-17 11:41:36.309root 11241100x8000000000000000142565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:36.309{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9bd82a4cb2db6d22021-12-17 11:41:36.309root 11241100x8000000000000000142566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:36.309{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.697067b5dcba0c472021-12-17 11:41:36.309root 11241100x8000000000000000142567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:36.309{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67e2b56805e5ea992021-12-17 11:41:36.309root 11241100x8000000000000000142568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:36.309{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f2336f6030c088f2021-12-17 11:41:36.309root 11241100x8000000000000000142569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:36.309{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a52a081ce6544da2021-12-17 11:41:36.309root 11241100x8000000000000000142570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:36.309{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3957695fbca8d8ee2021-12-17 11:41:36.309root 11241100x8000000000000000142571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:36.310{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2177b8d2d64e4cfd2021-12-17 11:41:36.310root 11241100x8000000000000000142572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:36.310{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c131853f975251962021-12-17 11:41:36.310root 11241100x8000000000000000142573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:36.310{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4df8faf996560f692021-12-17 11:41:36.310root 11241100x8000000000000000142574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:36.310{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5051f378649646e2021-12-17 11:41:36.310root 11241100x8000000000000000142575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:36.310{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.100167d23127c9362021-12-17 11:41:36.310root 11241100x8000000000000000142576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:36.310{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9254a9aae49389af2021-12-17 11:41:36.310root 11241100x8000000000000000142577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:36.311{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9d0f76f9736954e2021-12-17 11:41:36.311root 11241100x8000000000000000142578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:36.311{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12e7fbfaaf42c6a12021-12-17 11:41:36.311root 11241100x8000000000000000142579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:36.311{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33bda925bd38f98f2021-12-17 11:41:36.311root 11241100x8000000000000000142580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:36.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.966067bac24accbb2021-12-17 11:41:36.807root 11241100x8000000000000000142581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:36.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d2e00c0278ec4c02021-12-17 11:41:36.807root 11241100x8000000000000000142582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:36.808{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be96085e877ec4092021-12-17 11:41:36.808root 11241100x8000000000000000142583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:36.808{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dd24d5e5c85ccd92021-12-17 11:41:36.808root 11241100x8000000000000000142584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:36.808{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50f960c316c06acf2021-12-17 11:41:36.808root 11241100x8000000000000000142585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:36.808{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e167ac4edf0830da2021-12-17 11:41:36.808root 11241100x8000000000000000142586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:36.808{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e518768ccfd3648a2021-12-17 11:41:36.808root 11241100x8000000000000000142587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:36.808{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a503fb84d6731622021-12-17 11:41:36.808root 11241100x8000000000000000142588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:36.808{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79f5382a60f778f72021-12-17 11:41:36.808root 11241100x8000000000000000142589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:36.809{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4202dd9bb192dbf32021-12-17 11:41:36.809root 11241100x8000000000000000142590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:36.809{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84c5da63925daa322021-12-17 11:41:36.809root 11241100x8000000000000000142591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:36.809{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.261f09881d8950062021-12-17 11:41:36.809root 11241100x8000000000000000142592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:36.809{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.824509095bc8b4aa2021-12-17 11:41:36.809root 11241100x8000000000000000142593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:36.809{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf5ba5047c3151b72021-12-17 11:41:36.809root 11241100x8000000000000000142594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:36.809{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aefe5dcbb19618cd2021-12-17 11:41:36.809root 11241100x8000000000000000142595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:36.810{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ab5c9280165c2202021-12-17 11:41:36.810root 11241100x8000000000000000142596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:36.810{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.947c02ee96e681fa2021-12-17 11:41:36.810root 11241100x8000000000000000142597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:36.810{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bad192032027b5e22021-12-17 11:41:36.810root 11241100x8000000000000000142598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:36.810{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3958df9d72688222021-12-17 11:41:36.810root 11241100x8000000000000000142599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:36.810{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e55e01190463469c2021-12-17 11:41:36.810root 11241100x8000000000000000142600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:36.810{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d68b5f31bb56910d2021-12-17 11:41:36.810root 11241100x8000000000000000142601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:36.810{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.449535031874fa5a2021-12-17 11:41:36.810root 11241100x8000000000000000142602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:36.811{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb96f09c08c4e0212021-12-17 11:41:36.811root 11241100x8000000000000000142603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:36.811{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf183b5a1ad60dac2021-12-17 11:41:36.811root 11241100x8000000000000000142604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:36.811{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65c59f08343fd8bb2021-12-17 11:41:36.811root 11241100x8000000000000000142605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:36.812{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29183b3b7b89cba32021-12-17 11:41:36.812root 11241100x8000000000000000142606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:36.813{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9f1f7efd2e55c0f2021-12-17 11:41:36.813root 11241100x8000000000000000142607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:37.307{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72f9f1f02b8a40102021-12-17 11:41:37.307root 11241100x8000000000000000142608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:37.307{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abb774ab94e2f1552021-12-17 11:41:37.307root 11241100x8000000000000000142609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:37.307{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b5fe20d721728b22021-12-17 11:41:37.307root 11241100x8000000000000000142610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:37.307{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93054cd27598cbb12021-12-17 11:41:37.307root 11241100x8000000000000000142611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:37.307{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26b9e4a16352ba7d2021-12-17 11:41:37.307root 11241100x8000000000000000142612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:37.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c316916bee7dd3622021-12-17 11:41:37.308root 11241100x8000000000000000142613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:37.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79bd38248a7b02432021-12-17 11:41:37.308root 11241100x8000000000000000142614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:37.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9aee9705217d93c2021-12-17 11:41:37.308root 11241100x8000000000000000142615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:37.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0c3bf286305e8c22021-12-17 11:41:37.308root 11241100x8000000000000000142616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:37.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9793c60295ada6212021-12-17 11:41:37.308root 11241100x8000000000000000142617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:37.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73a299bb12e8b51a2021-12-17 11:41:37.308root 11241100x8000000000000000142618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:37.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef23b20567f6d7ae2021-12-17 11:41:37.308root 11241100x8000000000000000142619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:37.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b1e1be5e079734d2021-12-17 11:41:37.308root 11241100x8000000000000000142620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:37.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90ffa181bf6049472021-12-17 11:41:37.308root 11241100x8000000000000000142621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:37.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e35540677ade5fe32021-12-17 11:41:37.308root 11241100x8000000000000000142622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:37.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c01eb40b742605f2021-12-17 11:41:37.308root 11241100x8000000000000000142623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:37.309{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6dfa63516245ba52021-12-17 11:41:37.309root 11241100x8000000000000000142624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:37.309{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92799c447231a1a32021-12-17 11:41:37.309root 11241100x8000000000000000142625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:37.309{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa25c23c1b7623172021-12-17 11:41:37.309root 11241100x8000000000000000142626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:37.309{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc2d9075cc60335f2021-12-17 11:41:37.309root 11241100x8000000000000000142627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:37.309{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3bf9f10a3a6fc662021-12-17 11:41:37.309root 11241100x8000000000000000142628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:37.309{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e4306ac00c38ec72021-12-17 11:41:37.309root 11241100x8000000000000000142629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:37.309{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f1da9a680f7abe52021-12-17 11:41:37.309root 11241100x8000000000000000142630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:37.309{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4c78d189224861f2021-12-17 11:41:37.309root 11241100x8000000000000000142631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:37.309{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ea23cb3157c577f2021-12-17 11:41:37.309root 11241100x8000000000000000142632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:37.309{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc76ef880b103b8f2021-12-17 11:41:37.309root 11241100x8000000000000000142633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:37.310{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.424b9a94ea5ea95a2021-12-17 11:41:37.310root 11241100x8000000000000000142634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:37.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9095a1b05ac996c2021-12-17 11:41:37.807root 11241100x8000000000000000142635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:37.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.773b70426832b26d2021-12-17 11:41:37.807root 11241100x8000000000000000142636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:37.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a24065d6ee79b842021-12-17 11:41:37.807root 11241100x8000000000000000142637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:37.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a1a048d0622c17b2021-12-17 11:41:37.807root 11241100x8000000000000000142638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:37.808{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8188e6aee77cf3d12021-12-17 11:41:37.808root 11241100x8000000000000000142639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:37.808{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a933c98877779dbc2021-12-17 11:41:37.808root 11241100x8000000000000000142640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:37.808{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10e3c6cbf77c79882021-12-17 11:41:37.808root 11241100x8000000000000000142641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:37.808{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7e245b3755e036a2021-12-17 11:41:37.808root 11241100x8000000000000000142642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:37.808{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d156cb168c3285b92021-12-17 11:41:37.808root 11241100x8000000000000000142643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:37.808{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61fcba7eec36085e2021-12-17 11:41:37.808root 11241100x8000000000000000142644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:37.808{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93a7e02c73d989312021-12-17 11:41:37.808root 11241100x8000000000000000142645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:37.808{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8a16370d66d0e492021-12-17 11:41:37.808root 11241100x8000000000000000142646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:37.808{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c9453c06d3a38ff2021-12-17 11:41:37.808root 11241100x8000000000000000142647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:37.808{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d79503b814bcf8092021-12-17 11:41:37.808root 11241100x8000000000000000142648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:37.809{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f82f5bcbefff07422021-12-17 11:41:37.809root 11241100x8000000000000000142649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:37.809{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00812833354a7ba22021-12-17 11:41:37.809root 11241100x8000000000000000142650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:37.809{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d90ce9c0e3d781962021-12-17 11:41:37.809root 11241100x8000000000000000142651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:37.809{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12a38cb9dd5eb9f12021-12-17 11:41:37.809root 11241100x8000000000000000142652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:37.809{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f097d26ebd2cde192021-12-17 11:41:37.809root 11241100x8000000000000000142653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:37.809{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54008c61cb26fb112021-12-17 11:41:37.809root 11241100x8000000000000000142654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:37.809{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.489dd4b11c88b8e62021-12-17 11:41:37.809root 11241100x8000000000000000142655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:37.810{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6026f3cef8afb3dd2021-12-17 11:41:37.810root 11241100x8000000000000000142656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:37.810{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd3a4a7b23147eb42021-12-17 11:41:37.810root 11241100x8000000000000000142657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:37.810{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1a03834aab332572021-12-17 11:41:37.810root 11241100x8000000000000000142658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:37.810{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f0d0f7959134a6c2021-12-17 11:41:37.810root 11241100x8000000000000000142659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:37.810{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb4530eeffa5861b2021-12-17 11:41:37.810root 11241100x8000000000000000142660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:37.810{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b18d5ad50e6d798d2021-12-17 11:41:37.810root 11241100x8000000000000000142661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:38.307{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6cf252d2ce58d112021-12-17 11:41:38.307root 11241100x8000000000000000142662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:38.307{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09bd69285c274f3e2021-12-17 11:41:38.307root 11241100x8000000000000000142663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:38.307{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53fb5952f0a1bb3b2021-12-17 11:41:38.307root 11241100x8000000000000000142664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:38.307{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb6a01616857b0762021-12-17 11:41:38.307root 11241100x8000000000000000142665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:38.307{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd66c29baf2249772021-12-17 11:41:38.307root 11241100x8000000000000000142666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:38.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f954ae3c04744d602021-12-17 11:41:38.308root 11241100x8000000000000000142667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:38.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b1267d00c8b46062021-12-17 11:41:38.308root 11241100x8000000000000000142668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:38.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d2b423dce89bbcc2021-12-17 11:41:38.308root 11241100x8000000000000000142669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:38.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbea19e05ac15f642021-12-17 11:41:38.308root 11241100x8000000000000000142670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:38.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c1e3376094efac92021-12-17 11:41:38.308root 11241100x8000000000000000142671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:38.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.806e2a4f56be47d62021-12-17 11:41:38.308root 11241100x8000000000000000142672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:38.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d088ac49fb0772152021-12-17 11:41:38.308root 11241100x8000000000000000142673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:38.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe0aaf0982888ab72021-12-17 11:41:38.308root 11241100x8000000000000000142674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:38.309{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0d6f30e9ad0b8e12021-12-17 11:41:38.309root 11241100x8000000000000000142675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:38.309{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.216b837fb257b35f2021-12-17 11:41:38.309root 11241100x8000000000000000142676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:38.309{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8592ecdb9a7ce3232021-12-17 11:41:38.309root 11241100x8000000000000000142677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:38.309{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad7b09ef1333c7492021-12-17 11:41:38.309root 11241100x8000000000000000142678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:38.309{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38ba7c64ed2160c12021-12-17 11:41:38.309root 11241100x8000000000000000142679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:38.309{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eac91e4bb2e979712021-12-17 11:41:38.309root 11241100x8000000000000000142680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:38.309{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e5309ddb97cf16c2021-12-17 11:41:38.309root 11241100x8000000000000000142681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:38.309{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0767e9ac97aa10e22021-12-17 11:41:38.309root 11241100x8000000000000000142682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:38.309{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8652271810a73b8d2021-12-17 11:41:38.309root 11241100x8000000000000000142683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:38.310{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c57345656ce86702021-12-17 11:41:38.310root 11241100x8000000000000000142684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:38.310{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.059e1c051ffc80482021-12-17 11:41:38.310root 11241100x8000000000000000142685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:38.311{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c84f4f82225bda4b2021-12-17 11:41:38.311root 11241100x8000000000000000142686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:38.311{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e2ef1567b1146862021-12-17 11:41:38.311root 11241100x8000000000000000142687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:38.311{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b569cbdf1bc86a42021-12-17 11:41:38.311root 11241100x8000000000000000142688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:38.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.673c13009ff016122021-12-17 11:41:38.807root 11241100x8000000000000000142689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:38.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb9243ed77dba6b32021-12-17 11:41:38.807root 11241100x8000000000000000142690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:38.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2438bc206f4e1f332021-12-17 11:41:38.807root 11241100x8000000000000000142691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:38.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86d68c5378da4b5b2021-12-17 11:41:38.807root 11241100x8000000000000000142692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:38.807{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04da2b2f3d5b5c792021-12-17 11:41:38.807root 11241100x8000000000000000142693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:38.808{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4d0f2159f4947b02021-12-17 11:41:38.808root 11241100x8000000000000000142694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:38.808{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f8ccd39259fa27b2021-12-17 11:41:38.808root 11241100x8000000000000000142695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:38.808{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d872e1aa5ada6a82021-12-17 11:41:38.808root 11241100x8000000000000000142696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:38.808{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.101f46842bb1e4a02021-12-17 11:41:38.808root 11241100x8000000000000000142697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:38.808{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a7dafd7381593dd2021-12-17 11:41:38.808root 11241100x8000000000000000142698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:38.808{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a2efe30c58f90842021-12-17 11:41:38.808root 11241100x8000000000000000142699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:38.808{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a5b42106e38a1282021-12-17 11:41:38.808root 11241100x8000000000000000142700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:38.808{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eb6da16fd07f3202021-12-17 11:41:38.808root 11241100x8000000000000000142701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:38.808{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f2ccc5c2e8ea8032021-12-17 11:41:38.808root 11241100x8000000000000000142702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:38.808{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.983c67c8191b28082021-12-17 11:41:38.808root 11241100x8000000000000000142703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:38.808{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe93b2ba5989371e2021-12-17 11:41:38.808root 11241100x8000000000000000142704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:38.809{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f239b489d42655a2021-12-17 11:41:38.809root 11241100x8000000000000000142705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:38.809{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6639476a979563b52021-12-17 11:41:38.809root 11241100x8000000000000000142706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:38.809{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4596e3d904a649c62021-12-17 11:41:38.809root 11241100x8000000000000000142707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:38.809{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edf9a10f5cda5b922021-12-17 11:41:38.809root 11241100x8000000000000000142708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:38.809{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d995c0a3a62313282021-12-17 11:41:38.809root 11241100x8000000000000000142709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:38.809{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4380bb51b2d79af2021-12-17 11:41:38.809root 11241100x8000000000000000142710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:38.809{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b680674b70274b092021-12-17 11:41:38.809root 11241100x8000000000000000142711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:38.810{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68c821c6ae7eea222021-12-17 11:41:38.810root 11241100x8000000000000000142712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:38.810{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70dc1592d29e7e272021-12-17 11:41:38.810root 11241100x8000000000000000142713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:38.810{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e870eca2f9a57fc32021-12-17 11:41:38.810root 11241100x8000000000000000142714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:38.810{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36e6834ea86d34ff2021-12-17 11:41:38.810root 354300x8000000000000000142715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:39.186{ec28ba6a-70a3-61bc-5175-3a0400000000}5248/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-43300-false10.0.1.12-8000- 11241100x8000000000000000142716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:39.187{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11dd01a499ab48002021-12-17 11:41:39.187root 11241100x8000000000000000142717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:39.187{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb91f9077acda6852021-12-17 11:41:39.187root 11241100x8000000000000000142718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:39.188{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28bf6478ef9a60382021-12-17 11:41:39.188root 11241100x8000000000000000142719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:39.188{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a5416e93e2850162021-12-17 11:41:39.188root 11241100x8000000000000000142720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:39.188{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e12898f968ff88122021-12-17 11:41:39.188root 11241100x8000000000000000142721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:39.188{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b814a6e169ef5092021-12-17 11:41:39.188root 11241100x8000000000000000142722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:39.188{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2561445f2cf243f42021-12-17 11:41:39.188root 11241100x8000000000000000142723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:39.188{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40d3caa0cc8e881a2021-12-17 11:41:39.188root 11241100x8000000000000000142724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:39.188{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.383f1d9db5a14a762021-12-17 11:41:39.188root 11241100x8000000000000000142725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:39.188{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19eafba598ab71452021-12-17 11:41:39.188root 11241100x8000000000000000142726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:39.188{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7981bac1bec780112021-12-17 11:41:39.188root 11241100x8000000000000000142727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:39.188{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.876842c69b8bd2a32021-12-17 11:41:39.188root 11241100x8000000000000000142728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:39.189{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c570712edc20f71a2021-12-17 11:41:39.189root 11241100x8000000000000000142729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:39.189{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20f460ebf024e28c2021-12-17 11:41:39.189root 11241100x8000000000000000142730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:39.189{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.275d6ff6523300732021-12-17 11:41:39.189root 11241100x8000000000000000142731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:39.189{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4b07815f37760bf2021-12-17 11:41:39.189root 11241100x8000000000000000142732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:39.189{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71eec93d4796c1ab2021-12-17 11:41:39.189root 11241100x8000000000000000142733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:39.189{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.945206d2954616802021-12-17 11:41:39.189root 11241100x8000000000000000142734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:39.189{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.986319cfb59ae59c2021-12-17 11:41:39.189root 11241100x8000000000000000142735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:39.189{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7a42217099b51912021-12-17 11:41:39.189root 11241100x8000000000000000142736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:39.190{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ac30532eef0e34e2021-12-17 11:41:39.190root 11241100x8000000000000000142737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:39.190{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e91262817bdc47a2021-12-17 11:41:39.190root 11241100x8000000000000000142738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:39.190{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3899e62c001f897b2021-12-17 11:41:39.190root 11241100x8000000000000000142739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:39.190{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cc339fe4333800a2021-12-17 11:41:39.190root 11241100x8000000000000000142740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:39.190{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8839b5bb1de3cc462021-12-17 11:41:39.190root 11241100x8000000000000000142741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:39.191{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e735a3ef3448b052021-12-17 11:41:39.191root 11241100x8000000000000000142742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:39.191{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.501d8b85e0fc1e832021-12-17 11:41:39.191root 11241100x8000000000000000142743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:39.191{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcf783c0cf9615712021-12-17 11:41:39.191root 11241100x8000000000000000142744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:39.191{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e33feea4fe4978fd2021-12-17 11:41:39.191root 11241100x8000000000000000142745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:39.191{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ab77e665dcb0f112021-12-17 11:41:39.191root 11241100x8000000000000000142746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:39.191{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.843e3c40657deaff2021-12-17 11:41:39.191root 11241100x8000000000000000142747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:39.191{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4fa80476fc007512021-12-17 11:41:39.191root 11241100x8000000000000000142748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:39.191{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fe6b9a4b056f8462021-12-17 11:41:39.191root 11241100x8000000000000000142749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:39.191{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2de4ddc728be874b2021-12-17 11:41:39.191root 11241100x8000000000000000142750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:39.191{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0762abd9b6f236dc2021-12-17 11:41:39.191root 11241100x8000000000000000142751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:39.191{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b9aaeb2e969432c2021-12-17 11:41:39.191root 11241100x8000000000000000142752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:39.191{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1492d1607da6adc22021-12-17 11:41:39.191root 11241100x8000000000000000142753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:39.192{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48eba6339d9b6bc12021-12-17 11:41:39.192root 11241100x8000000000000000142754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:39.192{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ad14401f4ed38cc2021-12-17 11:41:39.192root 11241100x8000000000000000142755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:39.192{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.544be43be43040ff2021-12-17 11:41:39.192root 11241100x8000000000000000142756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:39.192{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a94ce705bf2aeded2021-12-17 11:41:39.192root 11241100x8000000000000000142757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:39.192{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40888b7a46383e0f2021-12-17 11:41:39.192root 11241100x8000000000000000142758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:39.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d2ad68afc903bcb2021-12-17 11:41:39.557root 11241100x8000000000000000142759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:39.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4829bfbcfb2a9adb2021-12-17 11:41:39.557root 11241100x8000000000000000142760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:39.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3843acbe078490032021-12-17 11:41:39.558root 11241100x8000000000000000142761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:39.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cdb5250fd2d38fd2021-12-17 11:41:39.558root 11241100x8000000000000000142762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:39.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78d2fb04d38930b02021-12-17 11:41:39.558root 11241100x8000000000000000142763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:39.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28e26ac04d3db8712021-12-17 11:41:39.558root 11241100x8000000000000000142764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:39.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77ac60bf9ff28b5c2021-12-17 11:41:39.558root 11241100x8000000000000000142765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:39.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e7a3bc560d3a63f2021-12-17 11:41:39.558root 11241100x8000000000000000142766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:39.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29c1b7a6b041a47d2021-12-17 11:41:39.558root 11241100x8000000000000000142767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:39.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.302da0996ffe2f8b2021-12-17 11:41:39.558root 11241100x8000000000000000142768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:39.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.619a7f2cfa9e32712021-12-17 11:41:39.559root 11241100x8000000000000000142769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:39.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab8ad7542e70c5ff2021-12-17 11:41:39.559root 11241100x8000000000000000142770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:39.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df5a97474d3264d42021-12-17 11:41:39.559root 11241100x8000000000000000142771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:39.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5b17498e28d30832021-12-17 11:41:39.559root 11241100x8000000000000000142772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:39.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4731640ccc4ebf742021-12-17 11:41:39.559root 11241100x8000000000000000142773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:39.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1ac12160944ced32021-12-17 11:41:39.559root 11241100x8000000000000000142774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:39.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00a1472740a286872021-12-17 11:41:39.560root 11241100x8000000000000000142775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:39.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02297e4d9700c2ef2021-12-17 11:41:39.561root 11241100x8000000000000000142776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:39.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9bcddae4a9736d22021-12-17 11:41:39.561root 11241100x8000000000000000142777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:39.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b597eca15786c3832021-12-17 11:41:39.561root 11241100x8000000000000000142778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:39.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b8989cdf8c4c30b2021-12-17 11:41:39.561root 11241100x8000000000000000142779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:39.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce83f4aec71cdf442021-12-17 11:41:39.562root 11241100x8000000000000000142780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:39.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.702615d191c5c3352021-12-17 11:41:39.562root 11241100x8000000000000000142781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:39.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b35c99a472e42d9a2021-12-17 11:41:39.562root 11241100x8000000000000000142782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:39.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e9eacbbdd1230ba2021-12-17 11:41:39.562root 11241100x8000000000000000142783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:39.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63b82c308cff86b22021-12-17 11:41:39.562root 11241100x8000000000000000142784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:39.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5ca6b2d6aeacea32021-12-17 11:41:39.562root 11241100x8000000000000000142785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:39.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47e7d2e6fa2a6eb22021-12-17 11:41:39.562root 11241100x8000000000000000142786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:40.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0082c96f439a60d72021-12-17 11:41:40.057root 11241100x8000000000000000142787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:40.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19217096ab53bc892021-12-17 11:41:40.057root 11241100x8000000000000000142788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:40.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.308a36104bd8555f2021-12-17 11:41:40.057root 11241100x8000000000000000142789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:40.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f12917cb7575d18b2021-12-17 11:41:40.057root 11241100x8000000000000000142790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:40.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3f2b28ed3f2f5932021-12-17 11:41:40.058root 11241100x8000000000000000142791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:40.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8687f3f22e7a6cc2021-12-17 11:41:40.058root 11241100x8000000000000000142792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:40.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31e6b704f8fe34362021-12-17 11:41:40.058root 11241100x8000000000000000142793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:40.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2be7db8621552bc02021-12-17 11:41:40.058root 11241100x8000000000000000142794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:40.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28c442e4baab23e52021-12-17 11:41:40.058root 11241100x8000000000000000142795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:40.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc006394b6e87f5c2021-12-17 11:41:40.058root 11241100x8000000000000000142796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:40.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.761ca2fe2bf9164d2021-12-17 11:41:40.058root 11241100x8000000000000000142797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:40.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ad667a36476ad192021-12-17 11:41:40.058root 11241100x8000000000000000142798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:40.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f770a06fbadea3e52021-12-17 11:41:40.058root 11241100x8000000000000000142799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:40.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d07dc3f97ea6f312021-12-17 11:41:40.058root 11241100x8000000000000000142800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:40.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78d0ad235a2ab2c92021-12-17 11:41:40.058root 11241100x8000000000000000142801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:40.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5791094f84c4a9d02021-12-17 11:41:40.058root 11241100x8000000000000000142802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:40.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42818bb484cbfff02021-12-17 11:41:40.058root 11241100x8000000000000000142803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:40.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b825deb7f27cfd462021-12-17 11:41:40.058root 11241100x8000000000000000142804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:40.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab9e7cfa68393eaf2021-12-17 11:41:40.059root 11241100x8000000000000000142805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:40.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.671b8c4c7474e1bb2021-12-17 11:41:40.059root 11241100x8000000000000000142806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:40.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28b2e3056b3b4fd22021-12-17 11:41:40.059root 11241100x8000000000000000142807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:40.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f346f7aa2eeb04182021-12-17 11:41:40.059root 11241100x8000000000000000142808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:40.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bacc3093e8f873902021-12-17 11:41:40.059root 11241100x8000000000000000142809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:40.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fedcf907092d417d2021-12-17 11:41:40.059root 11241100x8000000000000000142810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:40.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8be14e384a9b3282021-12-17 11:41:40.059root 11241100x8000000000000000142811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:40.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43c8c52add0b24042021-12-17 11:41:40.059root 11241100x8000000000000000142812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:40.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa20354f9e497faf2021-12-17 11:41:40.059root 11241100x8000000000000000142813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:40.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.765cd9f6eb6bfa452021-12-17 11:41:40.059root 11241100x8000000000000000142814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:40.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49be870c94bb74312021-12-17 11:41:40.557root 11241100x8000000000000000142815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:40.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47e560879edd63242021-12-17 11:41:40.557root 11241100x8000000000000000142816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:40.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d59b7147326855792021-12-17 11:41:40.557root 11241100x8000000000000000142817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:40.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc541d183bab2aa62021-12-17 11:41:40.557root 11241100x8000000000000000142818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:40.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fc668ffb4e7e1a72021-12-17 11:41:40.558root 11241100x8000000000000000142819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:40.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b89e1846faf3d45a2021-12-17 11:41:40.558root 11241100x8000000000000000142820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:40.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5b9c3082d47035c2021-12-17 11:41:40.558root 11241100x8000000000000000142821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:40.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d766fa046d569752021-12-17 11:41:40.558root 11241100x8000000000000000142822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:40.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb6160ae38c6ef982021-12-17 11:41:40.558root 11241100x8000000000000000142823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:40.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3717b46d44576eb02021-12-17 11:41:40.558root 11241100x8000000000000000142824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:40.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e0771827b21f94a2021-12-17 11:41:40.558root 11241100x8000000000000000142825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:40.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3d1df14507471a52021-12-17 11:41:40.558root 11241100x8000000000000000142826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:40.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ed0e69f8730824b2021-12-17 11:41:40.558root 11241100x8000000000000000142827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:40.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2863fe3beeb82672021-12-17 11:41:40.558root 11241100x8000000000000000142828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:40.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd9eb54a6d6a42f62021-12-17 11:41:40.558root 11241100x8000000000000000142829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:40.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.439eecfd278be26b2021-12-17 11:41:40.558root 11241100x8000000000000000142830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:40.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d8f24b101fc7ac62021-12-17 11:41:40.558root 11241100x8000000000000000142831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:40.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a9fa78340fbdc0f2021-12-17 11:41:40.558root 11241100x8000000000000000142832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:40.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a49d9f8022d61062021-12-17 11:41:40.559root 11241100x8000000000000000142833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:40.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6447fc211850b7a2021-12-17 11:41:40.559root 11241100x8000000000000000142834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:40.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e81b3a555b6152062021-12-17 11:41:40.559root 11241100x8000000000000000142835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:40.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c04d72d3fdd57bc2021-12-17 11:41:40.559root 11241100x8000000000000000142836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:40.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1087449a434c7fb92021-12-17 11:41:40.559root 11241100x8000000000000000142837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:40.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a1cfebe106e8df42021-12-17 11:41:40.559root 11241100x8000000000000000142838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:40.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7d913161470c8ff2021-12-17 11:41:40.559root 11241100x8000000000000000142839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:40.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a763b3327ba74e342021-12-17 11:41:40.559root 11241100x8000000000000000142840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:40.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10a3c85b48e686242021-12-17 11:41:40.559root 11241100x8000000000000000142841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:40.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f78c1961302a1ef02021-12-17 11:41:40.559root 11241100x8000000000000000142842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:41.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57fc814d868df75a2021-12-17 11:41:41.057root 11241100x8000000000000000142843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:41.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c324f39c5a1580b2021-12-17 11:41:41.057root 11241100x8000000000000000142844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:41.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9713995f038fd0e82021-12-17 11:41:41.057root 11241100x8000000000000000142845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:41.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.310052817016d0ad2021-12-17 11:41:41.058root 11241100x8000000000000000142846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:41.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89f16fb409c6d89f2021-12-17 11:41:41.058root 11241100x8000000000000000142847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:41.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69d667739b80ee0d2021-12-17 11:41:41.058root 11241100x8000000000000000142848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:41.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79c5db9519eca5362021-12-17 11:41:41.058root 11241100x8000000000000000142849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:41.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aef3cacb8e6c9522021-12-17 11:41:41.058root 11241100x8000000000000000142850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:41.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e17910dedd72a5092021-12-17 11:41:41.058root 11241100x8000000000000000142851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:41.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5f160c3ca357aa82021-12-17 11:41:41.058root 11241100x8000000000000000142852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:41.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.386519e87ba295882021-12-17 11:41:41.058root 11241100x8000000000000000142853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:41.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f8f0911a6d70a9e2021-12-17 11:41:41.058root 11241100x8000000000000000142854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:41.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02fb06e676ef6d822021-12-17 11:41:41.058root 11241100x8000000000000000142855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:41.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d719a328739b2d8e2021-12-17 11:41:41.058root 11241100x8000000000000000142856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:41.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cdf0b8c469a399e2021-12-17 11:41:41.058root 11241100x8000000000000000142857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:41.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a33687bd893040e52021-12-17 11:41:41.058root 11241100x8000000000000000142858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:41.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcfaec055c0e363e2021-12-17 11:41:41.058root 11241100x8000000000000000142859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:41.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.661adf510c97be822021-12-17 11:41:41.059root 11241100x8000000000000000142860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:41.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaa22593ad6fcb9c2021-12-17 11:41:41.059root 11241100x8000000000000000142861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:41.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd4c7d1dab8f4d3f2021-12-17 11:41:41.059root 11241100x8000000000000000142862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:41.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.176195c40f97c9f12021-12-17 11:41:41.059root 11241100x8000000000000000142863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:41.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.015942d6336fb1302021-12-17 11:41:41.059root 11241100x8000000000000000142864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:41.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ed271722fefdc782021-12-17 11:41:41.059root 11241100x8000000000000000142865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:41.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d52ccca2947cce962021-12-17 11:41:41.059root 11241100x8000000000000000142866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:41.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b70aee1674120422021-12-17 11:41:41.059root 11241100x8000000000000000142867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:41.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d5bfecc8d560a7d2021-12-17 11:41:41.059root 11241100x8000000000000000142868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:41.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eae8cfb882cb4702021-12-17 11:41:41.059root 11241100x8000000000000000142869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:41.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b61a81260273ed6c2021-12-17 11:41:41.059root 11241100x8000000000000000142870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:41.556{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.310e09089756b9b12021-12-17 11:41:41.556root 11241100x8000000000000000142871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:41.556{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f3fe66539a1d28a2021-12-17 11:41:41.556root 11241100x8000000000000000142872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:41.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01590fd8e62f82a92021-12-17 11:41:41.557root 11241100x8000000000000000142873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:41.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.594384e2f96965452021-12-17 11:41:41.557root 11241100x8000000000000000142874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:41.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa203964882895df2021-12-17 11:41:41.557root 11241100x8000000000000000142875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:41.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32679ee5923e31cd2021-12-17 11:41:41.557root 11241100x8000000000000000142876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:41.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89039faa32036eba2021-12-17 11:41:41.557root 11241100x8000000000000000142877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:41.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a57132cf3f0806192021-12-17 11:41:41.557root 11241100x8000000000000000142878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:41.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91c3802a26fc34492021-12-17 11:41:41.557root 11241100x8000000000000000142879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:41.557{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e41be834b632f62e2021-12-17 11:41:41.557root 11241100x8000000000000000142880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:41.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9e37ab130ef22022021-12-17 11:41:41.558root 11241100x8000000000000000142881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:41.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b05826d3d94e7902021-12-17 11:41:41.558root 11241100x8000000000000000142882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:41.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7b6debf085e5ccc2021-12-17 11:41:41.558root 11241100x8000000000000000142883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:41.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b89bc378e68dd55b2021-12-17 11:41:41.558root 11241100x8000000000000000142884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:41.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34731ceee5e7efe72021-12-17 11:41:41.558root 11241100x8000000000000000142885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:41.558{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abf154957b0a51d42021-12-17 11:41:41.558root 11241100x8000000000000000142886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:41.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24fe0265eba986402021-12-17 11:41:41.559root 11241100x8000000000000000142887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:41.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a2ba0c7eb74961e2021-12-17 11:41:41.559root 11241100x8000000000000000142888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:41.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d0ed1bdb548d3592021-12-17 11:41:41.559root 11241100x8000000000000000142889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:41.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa678e1062934bb22021-12-17 11:41:41.559root 11241100x8000000000000000142890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:41.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ed58e43cf3cf22e2021-12-17 11:41:41.559root 11241100x8000000000000000142891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:41.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.347dac6fd3f9498d2021-12-17 11:41:41.559root 11241100x8000000000000000142892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:41.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.859fcfc33fd1f0572021-12-17 11:41:41.559root 11241100x8000000000000000142893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:41.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cb3282c868f097b2021-12-17 11:41:41.559root 11241100x8000000000000000142894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:41.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58591d34580b42062021-12-17 11:41:41.559root 11241100x8000000000000000142895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:41.559{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.949dd15f40bdb1202021-12-17 11:41:41.559root 11241100x8000000000000000142896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:41.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aa5777a2fa6ae362021-12-17 11:41:41.560root 11241100x8000000000000000142897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:41.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df87238c6937a0a52021-12-17 11:41:41.560root 11241100x8000000000000000142898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:41.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2988aa2f595e9e8c2021-12-17 11:41:41.560root 11241100x8000000000000000142899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:41.560{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a66e46440de894812021-12-17 11:41:41.560root 11241100x8000000000000000142900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:41.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab1539d306e75d892021-12-17 11:41:41.561root 11241100x8000000000000000142901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:41.561{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.851725c0c8511d502021-12-17 11:41:41.561root 11241100x8000000000000000142902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:41.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd6be1af33cc7f0b2021-12-17 11:41:41.562root 11241100x8000000000000000142903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:41.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04900298180ab1fa2021-12-17 11:41:41.562root 11241100x8000000000000000142904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:41.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37aebf422ccf28d22021-12-17 11:41:41.562root 11241100x8000000000000000142905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:41.562{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3539df37e9c3cf082021-12-17 11:41:41.562root 11241100x8000000000000000142906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.057{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8565bef6c0b59d552021-12-17 11:41:42.057root 11241100x8000000000000000142907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a5bd41ac0ff90692021-12-17 11:41:42.058root 11241100x8000000000000000142908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a999afed2fbb89e2021-12-17 11:41:42.058root 11241100x8000000000000000142909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06db9d69f805d1062021-12-17 11:41:42.058root 11241100x8000000000000000142910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.058{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec69fac18895bac22021-12-17 11:41:42.058root 11241100x8000000000000000142911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf8905ae43f993ed2021-12-17 11:41:42.059root 11241100x8000000000000000142912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23716cfffa2c81f72021-12-17 11:41:42.059root 11241100x8000000000000000142913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce93f3ecb8226b0e2021-12-17 11:41:42.059root 11241100x8000000000000000142914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cc5b276f0d680ed2021-12-17 11:41:42.059root 11241100x8000000000000000142915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2936ecb70a60c7872021-12-17 11:41:42.059root 11241100x8000000000000000142916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fc612254852d5fa2021-12-17 11:41:42.059root 11241100x8000000000000000142917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.059{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5abef9ff5a0d3fab2021-12-17 11:41:42.059root 11241100x8000000000000000142918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff7874cbc8172e672021-12-17 11:41:42.060root 11241100x8000000000000000142919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1798d7a1aacd94c2021-12-17 11:41:42.060root 11241100x8000000000000000142920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66c85178a28d81472021-12-17 11:41:42.060root 11241100x8000000000000000142921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1120f520c8c33352021-12-17 11:41:42.060root 11241100x8000000000000000142922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.060{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72660e7dc2d3c8722021-12-17 11:41:42.060root 11241100x8000000000000000142923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.062{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03f37b251ee754f42021-12-17 11:41:42.062root 11241100x8000000000000000142924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.063{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.011500b68e796e7c2021-12-17 11:41:42.063root 11241100x8000000000000000142925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.063{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5401f0ee4a493dc92021-12-17 11:41:42.063root 11241100x8000000000000000142926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.063{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c363f36deabcbd32021-12-17 11:41:42.063root 11241100x8000000000000000142927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.064{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47264d8a7f9c0d0a2021-12-17 11:41:42.064root 11241100x8000000000000000142928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.064{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86ff119faffe367e2021-12-17 11:41:42.064root 11241100x8000000000000000142929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.064{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef52542d0f425c902021-12-17 11:41:42.064root 11241100x8000000000000000142930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.064{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f375e407c7862eac2021-12-17 11:41:42.064root 11241100x8000000000000000142931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.064{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b6d37caacab97a62021-12-17 11:41:42.064root 11241100x8000000000000000142932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.064{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0272904ba2fcf9c2021-12-17 11:41:42.064root 11241100x8000000000000000142933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.064{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd7be0df38dba0212021-12-17 11:41:42.064root 154100x8000000000000000142934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.378{ec28ba6a-7776-61bc-085e-e71877550000}9429/usr/bin/sudo-----sudo vim /etc/cron.hourly/persistevil/tmp/evil_workubuntu{ec28ba6a-70c8-61bc-e803-000000000000}10004no level-{ec28ba6a-70c8-61bc-0864-f69184550000}5342/bin/bash-bashubuntu 11241100x8000000000000000142935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.381{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.075113ffd85c34ee2021-12-17 11:41:42.381root 11241100x8000000000000000142936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.382{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2f9933e197bb9562021-12-17 11:41:42.382root 11241100x8000000000000000142937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.382{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.900934f6c0a0e9162021-12-17 11:41:42.382root 354300x8000000000000000142938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.382{ec28ba6a-7776-61bc-085e-e71877550000}9429/usr/bin/sudoubuntuudptruefalse127.0.0.1-42597-false127.0.0.53-53- 354300x8000000000000000142939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.382{ec28ba6a-6d68-61bc-c067-fb0d4e560000}2524/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.25-39700-false10.0.0.2-53- 354300x8000000000000000142940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.383{ec28ba6a-6d68-61bc-c067-fb0d4e560000}2524/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.25-41560-false10.0.0.2-53- 11241100x8000000000000000142941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.383{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c56b1d1acee02eb12021-12-17 11:41:42.383root 354300x8000000000000000142942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.383{ec28ba6a-6d68-61bc-c067-fb0d4e560000}2524/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-42597- 354300x8000000000000000142943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.383{ec28ba6a-7776-61bc-085e-e71877550000}9429/usr/bin/sudoubuntuudptruefalse127.0.0.1-51848-false127.0.0.53-53- 11241100x8000000000000000142944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.383{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84c185875abc95b72021-12-17 11:41:42.383root 11241100x8000000000000000142945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.383{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44f707bf3519a6f32021-12-17 11:41:42.383root 11241100x8000000000000000142946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.383{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71dffe95cc71a83f2021-12-17 11:41:42.383root 11241100x8000000000000000142947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.383{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8f08b0445a3a4b82021-12-17 11:41:42.383root 11241100x8000000000000000142948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.383{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aed02fbc6e8f48a72021-12-17 11:41:42.383root 11241100x8000000000000000142949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.384{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2d443820c3d2f8d2021-12-17 11:41:42.384root 11241100x8000000000000000142950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.384{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.580d4d6139b24c5b2021-12-17 11:41:42.384root 11241100x8000000000000000142951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.384{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a0f1129d42563632021-12-17 11:41:42.384root 354300x8000000000000000142952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.383{ec28ba6a-6d68-61bc-c067-fb0d4e560000}2524/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-51848- 11241100x8000000000000000142953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.384{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2d7ba8cb60df79e2021-12-17 11:41:42.384root 11241100x8000000000000000142954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.384{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da24d8ded24f81972021-12-17 11:41:42.384root 11241100x8000000000000000142955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.384{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d47bced9afa4b5ee2021-12-17 11:41:42.384root 11241100x8000000000000000142956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.384{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fec256e010678d812021-12-17 11:41:42.384root 11241100x8000000000000000142957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.384{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f12419fb6c0916e12021-12-17 11:41:42.384root 11241100x8000000000000000142958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.384{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fa44681c1993b262021-12-17 11:41:42.384root 11241100x8000000000000000142959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.384{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eee52e219a8b83a52021-12-17 11:41:42.384root 11241100x8000000000000000142960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.385{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a8b614431130b992021-12-17 11:41:42.385root 11241100x8000000000000000142961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.385{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1df883039cd5e6362021-12-17 11:41:42.385root 11241100x8000000000000000142962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.385{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ded391e053bcfa92021-12-17 11:41:42.385root 11241100x8000000000000000142963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.385{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.263b8d415b7ab4512021-12-17 11:41:42.385root 11241100x8000000000000000142964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.385{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86a2be1619ee9e332021-12-17 11:41:42.385root 11241100x8000000000000000142965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.385{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de305b45221079c52021-12-17 11:41:42.385root 11241100x8000000000000000142966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.385{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1ee66ac7fbca2a32021-12-17 11:41:42.385root 11241100x8000000000000000142967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.385{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a27608d850b19b742021-12-17 11:41:42.385root 11241100x8000000000000000142968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.385{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ee66d22188fc5b92021-12-17 11:41:42.385root 11241100x8000000000000000142969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.385{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8646f68e320effa82021-12-17 11:41:42.385root 154100x8000000000000000142970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.386{ec28ba6a-7776-61bc-5039-5b5a03560000}9430/usr/bin/vim.basic-----vim /etc/cron.hourly/persistevil/tmp/evil_workroot{ec28ba6a-0000-0000-0000-000000000000}04no level-{ec28ba6a-7776-61bc-085e-e71877550000}9429/usr/bin/sudosudoubuntu 11241100x8000000000000000142971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.463{ec28ba6a-7776-61bc-5039-5b5a03560000}9430/usr/bin/vim.basic/etc/cron.hourly/.persistevil.swp2021-12-17 11:41:42.463root 11241100x8000000000000000142972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.463{ec28ba6a-7776-61bc-5039-5b5a03560000}9430/usr/bin/vim.basic/etc/cron.hourly/.persistevil.swpx2021-12-17 11:41:42.463root 23542300x8000000000000000142973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.464{ec28ba6a-7776-61bc-5039-5b5a03560000}9430root/usr/bin/vim.basic/etc/cron.hourly/.persistevil.swpx--- 23542300x8000000000000000142974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.464{ec28ba6a-7776-61bc-5039-5b5a03560000}9430root/usr/bin/vim.basic/etc/cron.hourly/.persistevil.swp--- 11241100x8000000000000000142975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.464{ec28ba6a-7776-61bc-5039-5b5a03560000}9430/usr/bin/vim.basic/etc/cron.hourly/.persistevil.swp2021-12-17 11:41:42.464root 11241100x8000000000000000142976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.808{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8686ca168c5abeaa2021-12-17 11:41:42.808root 11241100x8000000000000000142977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.808{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76c73a3911632ff72021-12-17 11:41:42.808root 11241100x8000000000000000142978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.809{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b1014e1a88ab55c2021-12-17 11:41:42.809root 11241100x8000000000000000142979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.809{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.832a61cd4991f6f42021-12-17 11:41:42.809root 11241100x8000000000000000142980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.809{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7464ab983062cb982021-12-17 11:41:42.809root 11241100x8000000000000000142981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.809{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e5be97e4c65ff452021-12-17 11:41:42.809root 11241100x8000000000000000142982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.810{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90dc5851113bac6b2021-12-17 11:41:42.810root 11241100x8000000000000000142983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.810{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56f7c95440bc03232021-12-17 11:41:42.810root 11241100x8000000000000000142984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.810{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f6210c9d72d9a442021-12-17 11:41:42.810root 11241100x8000000000000000142985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.810{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e5ffdd7287ac5282021-12-17 11:41:42.810root 11241100x8000000000000000142986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.810{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c33c9adb9117ce572021-12-17 11:41:42.810root 11241100x8000000000000000142987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.810{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cab5b4638788eb02021-12-17 11:41:42.810root 11241100x8000000000000000142988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.810{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd47bdb26984b5b32021-12-17 11:41:42.810root 11241100x8000000000000000142989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.810{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2baba31d6eaf816c2021-12-17 11:41:42.810root 11241100x8000000000000000142990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.810{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aec78caeeb0bf96b2021-12-17 11:41:42.810root 11241100x8000000000000000142991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.810{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec1aa4803f42adc02021-12-17 11:41:42.810root 11241100x8000000000000000142992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.810{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46ad9042e0e5f3f12021-12-17 11:41:42.810root 11241100x8000000000000000142993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.810{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85be23c346be6baf2021-12-17 11:41:42.810root 11241100x8000000000000000142994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.811{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6346ae91bd2eccca2021-12-17 11:41:42.811root 11241100x8000000000000000142995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.811{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fad2a6d44f457312021-12-17 11:41:42.811root 11241100x8000000000000000142996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.811{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b8a213e22b988d32021-12-17 11:41:42.811root 11241100x8000000000000000142997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.811{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d89653436c4260a2021-12-17 11:41:42.811root 11241100x8000000000000000142998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.811{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2500f1577e7b0c1a2021-12-17 11:41:42.811root 11241100x8000000000000000142999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.811{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95ded963afa7c2c42021-12-17 11:41:42.811root 11241100x8000000000000000143000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.811{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc7e755f30137e4b2021-12-17 11:41:42.811root 11241100x8000000000000000143001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.811{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9f2b183cb612e132021-12-17 11:41:42.811root 11241100x8000000000000000143002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.811{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a16e98634aaba8552021-12-17 11:41:42.811root 11241100x8000000000000000143003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.811{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29b19dfc0f2892d22021-12-17 11:41:42.811root 11241100x8000000000000000143004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.811{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78b28c5e4ac6de302021-12-17 11:41:42.811root 11241100x8000000000000000143005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.811{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96bb8f244367aa3a2021-12-17 11:41:42.811root 11241100x8000000000000000143006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.811{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d39f143d76c52412021-12-17 11:41:42.811root 11241100x8000000000000000143007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.811{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecf55126d85898442021-12-17 11:41:42.811root 11241100x8000000000000000143008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.812{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23f025ccd2af3b942021-12-17 11:41:42.812root 11241100x8000000000000000143009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.812{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d99ecdc77bca4a32021-12-17 11:41:42.812root 11241100x8000000000000000143010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.812{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edde034b8c4136162021-12-17 11:41:42.812root 11241100x8000000000000000143011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.812{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c17436fd1c0f77c2021-12-17 11:41:42.812root 11241100x8000000000000000143012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.812{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a3bc2bc010223292021-12-17 11:41:42.812root 11241100x8000000000000000143013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.812{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.439181bf959a258d2021-12-17 11:41:42.812root 11241100x8000000000000000143014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.812{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.679a2b4a70b4ab3a2021-12-17 11:41:42.812root 11241100x8000000000000000143015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.812{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.797ed32ebdaddcce2021-12-17 11:41:42.812root 11241100x8000000000000000143016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:42.812{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.982ab4b92bf6cf4b2021-12-17 11:41:42.812root 11241100x8000000000000000143017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:43.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6fcedf8c5cee0d82021-12-17 11:41:43.308root 11241100x8000000000000000143018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:43.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ab95de73f3fc57b2021-12-17 11:41:43.308root 11241100x8000000000000000143019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:43.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baf2bcfc276132cd2021-12-17 11:41:43.308root 11241100x8000000000000000143020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:43.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.640611076bfc4a922021-12-17 11:41:43.308root 11241100x8000000000000000143021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:43.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc9dcf495aae72662021-12-17 11:41:43.308root 11241100x8000000000000000143022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:43.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dc63f8fc4b3f20e2021-12-17 11:41:43.308root 11241100x8000000000000000143023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:43.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b44d6223a8922e382021-12-17 11:41:43.308root 11241100x8000000000000000143024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:43.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99539f1e9d9f09f12021-12-17 11:41:43.308root 11241100x8000000000000000143025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:43.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14d3138cbea9d3d52021-12-17 11:41:43.308root 11241100x8000000000000000143026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:43.308{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1b277e2f4ccbb182021-12-17 11:41:43.308root 11241100x8000000000000000143027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:43.309{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e5752b7501b38482021-12-17 11:41:43.309root 11241100x8000000000000000143028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:43.309{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1980f11644eb4912021-12-17 11:41:43.309root 11241100x8000000000000000143029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:43.309{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58842ebcaa3f805b2021-12-17 11:41:43.309root 11241100x8000000000000000143030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:43.309{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c22f5627b4ed8372021-12-17 11:41:43.309root 11241100x8000000000000000143031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:43.309{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de377045053a756b2021-12-17 11:41:43.309root 11241100x8000000000000000143032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:43.309{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e90b11acf3ecf7952021-12-17 11:41:43.309root 11241100x8000000000000000143033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:43.309{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ea5e0555c5130712021-12-17 11:41:43.309root 11241100x8000000000000000143034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:43.309{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8f0e5995f8a736d2021-12-17 11:41:43.309root 11241100x8000000000000000143035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:43.309{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f1ee93633cec1e22021-12-17 11:41:43.309root 11241100x8000000000000000143036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:43.309{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6cb76b6f559feea2021-12-17 11:41:43.309root 11241100x8000000000000000143037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:43.309{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b83b9dae244cdb852021-12-17 11:41:43.309root 11241100x8000000000000000143038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:43.309{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90a7f4ea4c0346de2021-12-17 11:41:43.309root 11241100x8000000000000000143039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:43.309{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1130e53958324f502021-12-17 11:41:43.309root 11241100x8000000000000000143040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:43.309{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b06ca7ebd4bd4c22021-12-17 11:41:43.309root 11241100x8000000000000000143041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:43.309{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2a21d13bbcfcd952021-12-17 11:41:43.309root 11241100x8000000000000000143042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:43.310{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1aa159b3a08e55f2021-12-17 11:41:43.310root 11241100x8000000000000000143043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:43.310{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8be062f935c4aea2021-12-17 11:41:43.310root 11241100x8000000000000000143044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:43.310{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8bdb2458818abc82021-12-17 11:41:43.310root 11241100x8000000000000000143045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:43.310{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcb8c028e4a0ac392021-12-17 11:41:43.310root 11241100x8000000000000000143046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:43.310{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d5bd138abfdd0a42021-12-17 11:41:43.310root 11241100x8000000000000000143047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:43.310{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a970168c86c330912021-12-17 11:41:43.310root 11241100x8000000000000000143048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:43.310{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.facd108abfa55f632021-12-17 11:41:43.310root 11241100x8000000000000000143049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:43.310{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3fdd6f9d6918b442021-12-17 11:41:43.310root 11241100x8000000000000000143050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:43.310{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a64f222a1d39d7c82021-12-17 11:41:43.310root 11241100x8000000000000000143051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:43.310{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5269280143887c252021-12-17 11:41:43.310root 11241100x8000000000000000143052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:43.310{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c769a07a3dcdc0002021-12-17 11:41:43.310root 11241100x8000000000000000143053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:43.310{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aec3ed88bee6c832021-12-17 11:41:43.310root 11241100x8000000000000000143054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:43.310{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac8cca813455cfa32021-12-17 11:41:43.310root 11241100x8000000000000000143055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-216-2021-12-17 11:41:43.310{ec28ba6a-70a0-61bc-3048-f825f0550000}5243/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e45fea5f9ac4405b2021-12-17 11:41:43.310root